11-05-2013 11:25 AM - edited 07-04-2021 01:13 AM
Hello
I am receiving on my WLC alarm form IDS about "authentication flood attack"
"IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: xxxx"
I put that MAC into disabled clients database but I am still receiving that alarm.
How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.
regards
Darek
11-06-2013 12:03 AM
11-06-2013 09:08 AM
Hello
Thank You for that. I will analyse it ASAP.
I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.
regards
Darek
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: