Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

WLC Deauthentication flood attack

I would like to know what actions can take a Wireless Lan Controller when one of the register Access Points receives an Authentication, Deauthentication or a Disassociation Flood Attack.

Also i would like to know what can be the best practices to mitigate these attacks.

Thanks a lot.

Everyone's tags (4)
2 REPLIES

WLC Deauthentication flood attack

Refer you to Rogue Management, Attack Detection and Threat Mitigation document.

https://supportforums.cisco.com/docs/DOC-21899

WLC Deauthentication flood attack

The most important thing is to locate the attacker and isolate it.

The attack can be intentional (by an attacker) or unintentional (by problematic WLAN driver or by neighbor rogue WLAN system).

 

By finding the attack source you decide what will you do:

- if problematic driver fix it or otherwise isolate it.

- if neighbor rogue WLANs contact their admin and ask them to add your WLAN as friendly one.

- if an attacker you decide what you will do. You may call 911

 

To help locating the attack sources, Cisco provides Mobility Service Engine (MSE):

http://www.cisco.com/c/en/us/products/wireless/mobility-services-engine/index.html

 

Hope this is useful.

 

Amjad

 

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
1753
Views
9
Helpful
2
Replies
CreatePlease to create content