08-19-2009 01:04 AM - edited 07-03-2021 05:57 PM
Hi there
will a WLC recognize some injections by an hacking tool (ex. Airsnort oder Aircrack) via the IDS basic feature? I'm sorry for this question, but at the moment I'm not able to test it.
What else would be necessary for this issue?
Thanks a lot and regards
Dominic
Solved! Go to Solution.
08-27-2009 01:33 AM
IDS is very sensitive so it may detect any attacks from outside.
We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.
There will for example be a auth / de auth flood while it tries to get the IV from the headers.
08-25-2009 05:56 AM
Version 5.0 of the Cisco IDS introduces the ability to configure deny actions when policy violations (signatures) are detected. Based on user configuration at the IDS/IPS system, a shun request can be sent to a firewall, router, or WLC in order to block the packets from a particular IP address.
With the Cisco Unified Wireless Network Software Release 4.0 for Cisco Wireless Controllers, a shun request needs to be sent to a WLC in order to trigger the client blacklisting or exclusion behavior available on a controller. The interface the controller uses to get the shun request is the command and control interface on the Cisco IDS.
08-27-2009 01:10 AM
Thanks for your answer. But this solution requires a seperate IDS system, right? My question is, is it possible to detect this with the WLC and it's own IDS signatures?
08-27-2009 01:33 AM
IDS is very sensitive so it may detect any attacks from outside.
We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.
There will for example be a auth / de auth flood while it tries to get the IV from the headers.
08-28-2009 02:52 AM
Hi Lavramov
Thanks, I will try to reproduce this.
Regards
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: