Deauthentication flood message

Unanswered Question

Is frecuently find in the enterprise WCS the following message

"IDS 'Deauth flood' Signature attack detected on AP 'XXXXXXX'protocol '802.11b/g' on Controller 'x.x.x.x'.

The Signature description is 'Deauthentication flood', with precedence '9'.

The attacker's mac address is 'xx:xx:xx:xx:xx:xx', channel number is '1', and the number of detections is '300'"

For security prouposes I changed the IP and MAC addresses.

The MAC address shown in the message is a Base Radio MAC from an AP controlled by the same WLC, which is sending the warning.

I read about a bug with a similar message but it's solved in the version 4.0.217.0 but this WLC has the 5.1.151.0 version and it's not shown in the release notes or bug toolkit.

Anybody can help me ? !

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Robert.N.Barrett_2 Wed, 04/29/2009 - 15:50

Code releases are in parallel, so version 4.2.x.x may have fixes that 5.1.x.x does not. Go with a code base that was released late last year or early this year.

We were at 4.2.130.0 and recently upgraded to 4.2.176.0. The messages greatly decreased after that. If you want to stick with 5.1 code, then you may want to consider upgrading to 5.1.163.0, which was released in February of this year.

Actions

This Discussion

 

 

Trending Topics - Security & Network