cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1168
Views
0
Helpful
4
Replies

WLC basic IDS

Hi there

will a WLC recognize some injections by an hacking tool (ex. Airsnort oder Aircrack) via the IDS basic feature? I'm sorry for this question, but at the moment I'm not able to test it.

What else would be necessary for this issue?

Thanks a lot and regards

Dominic

1 Accepted Solution

Accepted Solutions

IDS is very sensitive so it may detect any attacks from outside.

We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.

There will for example be a auth / de auth flood while it tries to get the IV from the headers.

View solution in original post

4 Replies 4

Not applicable

Version 5.0 of the Cisco IDS introduces the ability to configure deny actions when policy violations (signatures) are detected. Based on user configuration at the IDS/IPS system, a shun request can be sent to a firewall, router, or WLC in order to block the packets from a particular IP address.

With the Cisco Unified Wireless Network Software Release 4.0 for Cisco Wireless Controllers, a shun request needs to be sent to a WLC in order to trigger the client blacklisting or exclusion behavior available on a controller. The interface the controller uses to get the shun request is the command and control interface on the Cisco IDS.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807360fc.shtml#ov2

Thanks for your answer. But this solution requires a seperate IDS system, right? My question is, is it possible to detect this with the WLC and it's own IDS signatures?

IDS is very sensitive so it may detect any attacks from outside.

We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.

There will for example be a auth / de auth flood while it tries to get the IV from the headers.

Hi Lavramov

Thanks, I will try to reproduce this.

Regards

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: