×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Authentication flood attack

Unanswered Question
Nov 5th, 2013
User Badges:

Hello


I am receiving on my WLC alarm form IDS about "authentication flood attack"


"IDS Signature attack detected. Signature Type: Standard, Name: Auth  flood, Description: Authentication Request flood, Track: per-signature,  Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits:  500, Channel: 11, srcMac: xxxx"


I put that MAC into disabled clients database but I am still receiving that alarm.

How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.


regards

Darek

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
dszendol Wed, 11/06/2013 - 09:08
User Badges:

Hello

Thank You for that. I will analyse it ASAP.

I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.

regards

Darek

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode