Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

WLC basic IDS

Hi there

will a WLC recognize some injections by an hacking tool (ex. Airsnort oder Aircrack) via the IDS basic feature? I'm sorry for this question, but at the moment I'm not able to test it.

What else would be necessary for this issue?

Thanks a lot and regards

Dominic

1 ACCEPTED SOLUTION

Accepted Solutions

Re: WLC basic IDS

IDS is very sensitive so it may detect any attacks from outside.

We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.

There will for example be a auth / de auth flood while it tries to get the IV from the headers.

4 REPLIES
Anonymous
N/A

Re: WLC basic IDS

Version 5.0 of the Cisco IDS introduces the ability to configure deny actions when policy violations (signatures) are detected. Based on user configuration at the IDS/IPS system, a shun request can be sent to a firewall, router, or WLC in order to block the packets from a particular IP address.

With the Cisco Unified Wireless Network Software Release 4.0 for Cisco Wireless Controllers, a shun request needs to be sent to a WLC in order to trigger the client blacklisting or exclusion behavior available on a controller. The interface the controller uses to get the shun request is the command and control interface on the Cisco IDS.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807360fc.shtml#ov2

Community Member

Re: WLC basic IDS

Thanks for your answer. But this solution requires a seperate IDS system, right? My question is, is it possible to detect this with the WLC and it's own IDS signatures?

Re: WLC basic IDS

IDS is very sensitive so it may detect any attacks from outside.

We dont discuss hacking methods, but most likely this will be detected on the network as doing knowned wrong operations when associating to the AP.

There will for example be a auth / de auth flood while it tries to get the IV from the headers.

Community Member

Re: WLC basic IDS

Hi Lavramov

Thanks, I will try to reproduce this.

Regards

336
Views
0
Helpful
4
Replies
CreatePlease to create content