D-Link DWC-1000 User Manual - Page 287

AP is operating on an illegal channel

Get D-Link DWC-1000 PDF manuals and user guides View all D-Link DWC-1000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 287 highlights

Wireless Controller User Manual Manag ed S S ID from a fak e manag ed AP : A h acker may s et u p an A P wit h t h e s ame M A C ad d res s as o ne o f t h e man ag ed A Ps an d co n fig u re it t o s en d o n e o f t h e man ag ed SSIDs . Th is t est ch ecks fo r a v en d or field in t h e b eaco ns wh ich is alway s t ran s mit t ed b y man ag ed A Ps . If t h e v e n d o r field is n o t p res en t , t h en t h e A P is identified as a fake AP. AP wi thout an S S ID: SSID is an o p t io n al field in b eaco n frames . To av o id d et ect io n a h acker may s et u p an A P wit h t h e man ag ed n et wo rk SSID, b u t d is ab le SSID t ran s mis sio n in t h e b eacon frame s . Th e A P wo u ld s till s en d p ro b e res p o n s es t o clien t s t h at s en d p ro b e req u es t s fo r t h e man ag ed SSID fo o lin g t h e clien t s in t o as s o ciat in g wit h t h e h acker's A P. Th is t es t d et ect s an d flag s A Ps t h at t ran s mit b eaco n s wit h o u t t h e SSID field . Th e t es t is au t o mat ically d is ab led if an y o f t h e radios in the profiles are configured not to s end SSID field, which is not reco mmen d ed b ecause it d o es n ot p rov id e an y real s ecu rit y an d d is ab les t h is t es t . Fak e manag ed AP on an i nval i d channel : Th is t es t d et ect s ro g u e A Ps t h at t ran s mit b eacon s fro m t h e s o urce M A C ad d ress o f o n e o f t h e man ag ed A Ps , b u t o n different channel from which the AP is s uppos ed to be operating. Manag ed S S ID detected wi th i ncorrect s ecuri ty : Du rin g RF Scan t h e A P examin es b eaco n frames receiv ed fro m o t h er A Ps an d d et ermin es wh et h er t h e d et ect ed A P is ad v ert isin g an o p en n et work, W EP, o r W PA . If t h e SSID rep o rt ed in t h e RF Scan is o n e o f t h e man ag ed n etwo rks an d it s co nfig u red s ecu rit y n o t mat ch t h e d et ect ed s ecu rit y t h en t h is t es t marks t h e A P as ro g u e. Inval i d S S ID from a manag ed AP : Th is t es t checks wh eth er a kn o wn man ag ed A P is s en d in g an u n exp ect ed SSID. Th e SSID rep o rt ed in t h e RF Scan is co mp ared t o t h e lis t o f all co n fig u red SSIDs t h at are u sed b y t he p ro file as sign ed t o t h e man aged A P. If t h e d et ect ed SSID d o esn 't mat ch an y co n figu red SSID t h en t h e A P is marked as rogue. AP i s operati ng on an i l l eg al channel : Th e p u rpose o f t h is t est is t o d et ect h ackers o r in co rrect ly co n fig ured d evices t hat are o p eratin g o n ch an nels t hat are n o t leg al in the country where the wireles s s ys tem is s et up. Note: In order for the wireles s s y s tem t o d et ect t his t hreat, t h e wireles s n et wo rk mu s t co n t ain o n e o r mo re rad io s t h at o p erat e in s en t ry mo d e. S tandal one AP wi th unexpected confi g urati on : If t h e A P is clas s ified as a kn own s tandalone AP, then the controller checks whether the AP is operating with the exp ect ed co n fig uratio n p aramet ers. Yo u co n fig u re t h e exp ect ed p aramet ers fo r t h e 285

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302
  • 303
  • 304
  • 305
  • 306
  • 307
  • 308
  • 309
  • 310
  • 311
  • 312
  • 313
  • 314
  • 315
  • 316
  • 317
  • 318
  • 319
  • 320
  • 321
  • 322
  • 323
  • 324
Wireless Controller
User Manual
285
Managed SSID from a fake managed AP
: A hacker may set up an AP with the
same MAC address as one of the managed APs and configure it to send one of the
managed SSIDs. This test checks for a vendor field in the beacons which is always
transmitted by managed APs. If the vendor field is not present, then the AP is
identified as a fake AP.
AP without an SSID
: SSID is an optional field in beacon frames. To avoid
detection a hacker may set up an AP with the managed network SSID, but disable
SSID transmission in the beacon frames. The AP would still send probe responses
to clients that send probe requests for the managed SSID fooling the clients into
associating with the hacker's AP. This test detects and flags APs that transmit
beacons without the SSID field. The test is automatically disabled if any of the
radios in the profiles are configured not to send SSID field, which is not
recommended because it does not provide any real security and disables this test.
Fake managed AP on an invalid channel
: This test detects rogue APs that
transmit beacons from the source MAC address of one of the managed APs, but on
different channel from which the AP is supposed to be operating.
Managed SSID detected with incorrect security
: During RF Scan the AP
examines beacon frames received from other APs and determines whether the
detected AP is advertising an open network, WEP, or WPA. If the SSID reported in
the RF Scan is one of the managed networks and its configured security not match
the detected security then this test marks the AP as rogue.
Invalid SSID from a managed AP
: This test checks whether a known managed AP
is sending an unexpected SSID. The SSID reported in the RF Scan is compared to
the list of all configured SSIDs that are used by the profile assigned to the managed
AP. If the detected SSID doesn't match any configured SSID then the AP is marked
as rogue.
AP is operating on an illegal channel
: The purpose of this test is to detect hackers
or incorrectly configured devices that are operating on channels that are not legal in
the country where the wireless system is set up. Note: In order for the wireless
system to detect this threat, the wireless network must contain one or more radios
that operate in sentry mode.
Standalone AP with unexpected configuration
:
If the AP is classified as a known
standalone AP, then the controller checks whether the AP is operating with the
expected configuration parameters. You configure the expected parameters for the