WCS Alarms

Unanswered Question
Jun 16th, 2009
User Badges:

I was wondering if anybody knows how to prevent these messages and also what it means :

- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.


- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Mon, 06/22/2009 - 17:33
User Badges:
  • Silver, 250 points or more

These IDS signatures ship with the controller as “standard IDS signatures”. You can modify all these signature parameters, as the Controller IDS Parameters section here

https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para


Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.

If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)


Victor Fabian Tue, 06/23/2009 - 04:30
User Badges:

Have you seen this one before , everything looks fine but this just doesn't go away:


Radius server 192.168.100.219'(port 1813) is deactivated.


Thank you


Vic

Actions

This Discussion

 

 

Trending Topics - Security & Network