WCS Alarms

Unanswered Question
Jun 16th, 2009

I was wondering if anybody knows how to prevent these messages and also what it means :

- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.

- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smahbub Mon, 06/22/2009 - 17:33

These IDS signatures ship with the controller as “standard IDS signatures”. You can modify all these signature parameters, as the Controller IDS Parameters section here

https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para

Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.

If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)

Victor Fabian Tue, 06/23/2009 - 04:30

Have you seen this one before , everything looks fine but this just doesn't go away:

Radius server 192.168.100.219'(port 1813) is deactivated.

Thank you

Vic

Actions

This Discussion

 

 

Trending Topics - Security & Network