Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Authentication flood attack

Hello

I am receiving on my WLC alarm form IDS about "authentication flood attack"

"IDS Signature attack detected. Signature Type: Standard, Name: Auth  flood, Description: Authentication Request flood, Track: per-signature,  Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits:  500, Channel: 11, srcMac: xxxx"

I put that MAC into disabled clients database but I am still receiving that alarm.

How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.

regards

Darek

2 REPLIES
VIP Purple

Authentication flood attack

Community Member

Authentication flood attack

Hello

Thank You for that. I will analyse it ASAP.

I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.

regards

Darek

784
Views
0
Helpful
2
Replies
CreatePlease to create content