IDS Res mgmt D signature attack

Unanswered Question
Aug 10th, 2009
User Badges:

Hi, I'd like to know on how can i prevent this from happening? i get a lot of this messages lately: is there a way to resolve this? what does this really mean? is it a major network attack?


IDS 'Res mgmt D' Signature attack detected on AP 'AP1' protocol '802.11b/g' on Controller '10.10.120.5. The Signature description is 'Reserved management sub-type D', with precedence '10'. The attacker's mac address is '00:1a:f7:75:43:35', channel number is '1', and the number of detections is '5'.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
aghaznavi Mon, 08/17/2009 - 10:20
User Badges:
  • Silver, 250 points or more

The Cisco intrusion detection system/intrusion prevention system (CIDS/IPS) instructs controllers to block certain clients from accessing the wireless network when attacks involving these clients are detected at Layer 3 through Layer 7. This system offers significant network protection by helping to detect, classify, and stop threats including worms, spyware/adware, network viruses, and application abuse. Two methods are available to detect IDS attacks:

• IDS sensors

• IDS signatures

You can configure IDS signatures, or bit-pattern matching rules used to identify various types of attacks in incoming 802.11 packets, on the controller. When the signatures are enabled, the access points joined to the controller perform signature analysis on the received 802.11 data or management frames and report any discrepancies to the controller.

http://www.cisco.com/en/US/docs/wireless/controller/4.0/configuration/guide/c40sol.htm

l


Actions

This Discussion

 

 

Trending Topics - Security & Network