I am receiving on my WLC alarm form IDS about "authentication flood attack"
"IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: xxxx"
I put that MAC into disabled clients database but I am still receiving that alarm.
How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.