Need help with modifying IDS Sensor in WLC; Null Probe Response problem.
I need help in figuring out how to handle a NULL Probe Response report we are getting from our WCS.
We are getting the following alert from our WCS:
1. Message: IDS 'NULL probe resp 2' Signature attack cleared on AP 'XXXAP_#2' protocol '802.11b/g' on Controller '184.108.40.206'. The Signature description is 'NULL Probe Response - No SSID element'. - Controller Name: XXX-XXXX-XX
1. Message: IDS 'NULL probe resp 2' Signature attack detected on AP 'XXXAP#2' protocol '802.11b/g' on Controller '220.127.116.11'. The Signature description is 'NULL Probe Response - No SSID element', with precedence '3'. The attacker's mac address is 'ac:86:74:1e:15:5f', channel number is '5', and the number of detections is '1'. - Controller Name: XXX-XXXX-XX.
Is this something to be concerned with in terms of a potential attack, or should I ignore these types of emails?
The IDS signatures are stored in a file called wlc-sig_std.sig. That file can be edited via the GUI by navigating to Security > Wireless Protection Policy > Standard Signatures. The links that you shared contain links to Cisco documentation that leave out the important parts of the documentation. The only way to get that documentation is to pull the existing signatures from the WLC using Commands > Upload File. Read that file for details on the syntax, then adjust your values in the GUI. I've attached a text document with the standard signature file.
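For triaging a mailbox of these alerts before touching the signature values, the following is an added example, not part of the original thread or any Cisco tooling. It assumes the alert text has exactly the format quoted in the question; the third sample alert and the AP name 'XXXAP#3' are constructed to show aggregation.

```python
import re
from collections import defaultdict

# Sample input: the two alerts quoted in the question, plus one CONSTRUCTED repeat.
SAMPLE_ALERTS = [
    "Message: IDS 'NULL probe resp 2' Signature attack detected on AP 'XXXAP#2' protocol '802.11b/g' on Controller '220.127.116.11'. The Signature description is 'NULL Probe Response - No SSID element', with precedence '3'. The attacker's mac address is 'ac:86:74:1e:15:5f', channel number is '5', and the number of detections is '1'. - Controller Name: XXX-XXXX-XX.",
    "Message: IDS 'NULL probe resp 2' Signature attack cleared on AP 'XXXAP_#2' protocol '802.11b/g' on Controller '184.108.40.206'. The Signature description is 'NULL Probe Response - No SSID element'. - Controller Name: XXX-XXXX-XX",
    "Message: IDS 'NULL probe resp 2' Signature attack detected on AP 'XXXAP#3' protocol '802.11b/g' on Controller '220.127.116.11'. The Signature description is 'NULL Probe Response - No SSID element', with precedence '3'. The attacker's mac address is 'AC:86:74:1E:15:5F', channel number is '6', and the number of detections is '4'. - Controller Name: XXX-XXXX-XX.",
]

HEAD = re.compile(
    r"IDS '(?P<sig>[^']+)' Signature attack (?P<state>detected|cleared) "
    r"on AP '(?P<ap>[^']+)' protocol '(?P<proto>[^']+)' on Controller '(?P<controller>[^']+)'")
DETAIL = re.compile(
    r"precedence '(?P<prec>\d+)'.*?mac address is '(?P<mac>[0-9a-fA-F:]{17})', "
    r"channel number is '(?P<chan>\d+)', and the number of detections is '(?P<count>\d+)'")

def parse_alert(text):
    """Return the fields of one IDS signature alert, or None for unrelated text."""
    head = HEAD.search(text)
    if not head:
        return None
    event = head.groupdict()
    detail = DETAIL.search(text)  # only 'detected' alerts carry MAC/channel/count
    if detail:
        event.update(mac=detail["mac"].lower(), channel=int(detail["chan"]),
                     precedence=int(detail["prec"]), detections=int(detail["count"]))
    return event

def summarize(alerts):
    """Aggregate 'detected' alerts per (signature, source MAC)."""
    summary = defaultdict(lambda: {"detections": 0, "aps": set(), "channels": set()})
    for text in alerts:
        ev = parse_alert(text)
        if ev and ev["state"] == "detected" and "mac" in ev:
            row = summary[(ev["sig"], ev["mac"])]
            row["detections"] += ev["detections"]
            row["aps"].add(ev["ap"])
            row["channels"].add(ev["channel"])
    return dict(summary)

if __name__ == "__main__":
    for (sig, mac), row in summarize(SAMPLE_ALERTS).items():
        print(sig, mac, row["detections"], sorted(row["aps"]), sorted(row["channels"]))
```

A source MAC that recurs across several APs or channels with a rising detection count is worth a closer look than a single detection that clears on its own.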