Management and Monitoring
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620
Table 24. IDS/IPS policies and policy rules (continued)

Policy: EAPOL-start attack
Description:
• Attack. Multiple EAPOL start frames (5 or more) are sent to the wireless access point to initiate the RADIUS authentication process for clients.
• Result. Wireless service is disrupted.
• Solution. The wireless access point determines if the legitimate clients have already been authenticated before processing EAPOL start frames.
Policy Rule Threshold: 5
Notification: Trap

Policy: EAPOL-logoff attack
Description:
• Attack. Several EAPOL logoff frames (2 or more) that use the spoofed MAC address of a legitimate client are sent to the wireless access point to terminate a RADIUS-authenticated session.
• Result. The client is disconnected from the wireless access point.
• Solution. The wireless access point determines if it still receives traffic from the client before disconnecting the client.
Policy Rule Threshold: 2
Notification: Trap

Policy: Premature EAP failure attack
Description:
• Attack. Several premature EAP failure frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication failure.
• Result. The client cannot be authenticated and cannot connect to the wireless access point.
Note: The IDS detects this attack, but the IPS does not take action against this attack.
Policy Rule Threshold: 2
Notification: Trap

Policy: Premature EAP success attack
Description:
• Attack. Several premature EAP success frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication success.
• Result. The client cannot be authenticated and cannot connect to the wireless access point.
Note: The IDS detects this attack, but the IPS does not take action against this attack.
Policy Rule Threshold: 2
Notification: Trap

Policy: CTS flood
Description:
• Attack. Multiple clear-to-send (CTS) frames (60 or more) are sent to the wireless access point.
• Result. Wireless service is disrupted.
• Solution. The wireless access point sends a channel change frame to the legitimate clients and uses automatic channel selection to switch to a new clear channel.
Policy Rule Threshold: 60
Notification: Trap

Policy: RTS flood
Description:
• Attack. Multiple request-to-send (RTS) frames (60 or more) are sent to the wireless access point.
• Result. Wireless service is disrupted.
• Solution. The wireless access point sends a channel change frame to the legitimate clients and uses automatic channel selection to switch to a new clear channel.
Policy Rule Threshold: 60
Notification: Trap
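
The thresholds in Table 24 can be read as a per-target frame counter that raises one trap when the count is reached. The sketch below is an added example, not NETGEAR firmware code. It assumes a 1-second counting window (the table gives no interval), frames already classified by type, and a hypothetical event tuple format and action labels.

```python
from collections import defaultdict, deque

# Frame counts that raise a trap, taken from Table 24.
THRESHOLDS = {"eapol_start": 5, "eapol_logoff": 2,
              "premature_eap_failure": 2, "premature_eap_success": 2,
              "cts": 60, "rts": 60}
# Table 24 notes the IPS takes no action for these two policies.
DETECT_ONLY = {"premature_eap_failure", "premature_eap_success"}
WINDOW_S = 1.0  # assumption: the table gives no counting interval


def evaluate(events, window=WINDOW_S):
    """events: (timestamp_s, frame_type, target_mac) tuples sorted by time.
    Returns one (timestamp_s, frame_type, target_mac, action) per burst."""
    recent = defaultdict(deque)  # (type, target) -> timestamps in window
    alarmed = set()              # keys currently at or above threshold
    traps = []
    for ts, ftype, target in events:
        if ftype not in THRESHOLDS:
            continue
        key = (ftype, target)
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop frames older than the window
            q.popleft()
        if len(q) < THRESHOLDS[ftype]:
            alarmed.discard(key)
        elif key not in alarmed:    # trap once per burst, not per frame
            alarmed.add(key)
            action = "trap" if ftype in DETECT_ONLY else "trap+prevent"
            traps.append((ts, ftype, target, action))
    return traps


def sample_events():
    """Constructed capture summary; MAC addresses are made up."""
    ap, sta = "02:00:00:00:00:01", "02:00:00:00:00:10"
    ev = [(0.00 + i * 0.01, "cts", ap) for i in range(60)]        # flood
    ev += [(2.0 + i * 0.5, "rts", ap) for i in range(10)]         # normal rate
    ev += [(8.0, "eapol_logoff", sta), (8.2, "eapol_logoff", sta)]
    ev += [(9.0, "premature_eap_failure", sta),
           (9.1, "premature_eap_failure", sta)]
    ev += [(10.0 + i, "eapol_start", sta) for i in range(5)]      # slow retries
    return sorted(ev)


if __name__ == "__main__":
    for trap in evaluate(sample_events()):
        print(trap)
```

On the constructed sample, the CTS flood, the logoff pair and the premature EAP failure pair each raise one trap, while the slow RTS traffic and the EAPOL start retries spaced one second apart stay under their thresholds.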