D-Link DWC-2000-AP32-LIC User Manual - Page 219

De-Authentication Attacks

Get D-Link DWC-2000-AP32-LIC PDF manuals and user guides View all D-Link DWC-2000-AP32-LIC manuals
Add to My Manuals
Save this manual to your list of manuals

Page 219 highlights

Section 7 - Viewing Status and Statistics Field MAC Address SSID Physical Mode Channel Age Status Description Ethernet MAC address of the detected access point. This could be a physical radio interface or VAP MAC. The wireless name (Service Set Identifier) of the network, which is broadcast in the detected beacon frame. The 802.11 mode used on the access point. Transmit channel of the access point. Time since this access point was last detected in an RF scan. Status entries for this page are collected at a point in time and eventually age out. The age value for each entry shows how long ago the wireless controller recorded the entry. Managed status of the access point. The valid values are: • Managed = Neighbor access point is managed by the wireless system. • Standalone = Access point is managed in standalone mode and configured as a valid AP entry (local or RADIUS). • Rogue = Access point is classified as a threat by one of the threat detection algorithms. • Unknown = Access point is detected in the network but is not classified as a threat by the threat detection algorithms. De-Authentication Attacks Path: Status > Wireless Information > Access Point > De-Authentication Attacks The AP De-Authentication Attack page contains information about rogue APs that the Cluster Controller has attacked by using the de‐authentication attack feature. The wireless controller can protect against rogue APs by sending de‐authentication messages to the rogue AP. The de‐authentication attack feature must be globally enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as rogues before enabling the attack feature. This feature is disabled by default. The wireless system can conduct the de‐authentication attack against 16 APs at the same time. The intent of this attack is to serve as a temporary measure until the rogue AP is located and disabled. The de‐authentication attack is not effective for all rogue types, and therefore is not used on every detected rogue. The following rogues are not subjected to the attack: • If the detected rogue is spoofing the BSSID of the valid managed AP then the wireless system does not attempt to use the attack because that attack may deny service to a legitimate AP and provide another avenue for a hacker to attack the system. • The de-authentication attack is not effective against Ad hoc networks because these networks do not use authentication. • The APs operating on channels outside of the country domain are not attacked because sending any traffic on illegal channels is against the law. The wireless controller maintains a list of BSSIDs against which it is conducting a de‐authentication attack. The controller sends the list of BSSIDs and channels on which the rogue APs are operating to every managed AP. D-Link DWC-2000 User Manual 219

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
D-Link DWC-2000 User Manual
219
Section 7 - Viewing Status and Statistics
Path: Status > Wireless Information > Access Point > De-Authentication Attacks
The AP De-Authentication Attack page contains information about rogue APs that the Cluster Controller has
attacked by using the de‐authentication attack feature. The wireless controller can protect against rogue APs
by sending de‐authentication messages to the rogue AP. The de‐authentication attack feature must be globally
enabled in order for the wireless system to do this function. Make sure that no legitimate APs are classified as
rogues before enabling the attack feature. This feature is disabled by default.
The wireless system can conduct the de‐authentication attack against 16 APs at the same time. The intent of this
attack is to serve as a temporary measure until the rogue AP is located and disabled.
The de‐authentication attack is not effective for all rogue types, and therefore is not used on every detected
rogue. The following rogues are not subjected to the attack:
• If the detected rogue is spoofing the BSSID of the valid managed AP then the wireless system does not
attempt to use the attack because that attack may deny service to a legitimate AP and provide another
avenue for a hacker to attack the system.
• The de-authentication attack is not effective against Ad hoc networks because these networks do not
use authentication.
• The APs operating on channels outside of the country domain are not attacked because sending any
traffic on illegal channels is against the law.
The wireless controller maintains a list of BSSIDs against which it is conducting a de‐authentication attack. The
controller sends the list of BSSIDs and channels on which the rogue APs are operating to every managed AP.
Field
Description
MAC Address
Ethernet MAC address of the detected access point. This could be a physical
radio interface or VAP MAC.
SSID
The wireless name (Service Set Identifier) of the network, which is broadcast
in the detected beacon frame.
Physical Mode
The 802.11 mode used on the access point.
Channel
Transmit channel of the access point.
Age
Time since this access point was last detected in an RF scan. Status entries for
this page are collected at a point in time and eventually age out. The age value
for each entry shows how long ago the wireless controller recorded the entry.
Status
Managed status of the access point. The valid values are:
• Managed = Neighbor access point is managed by the wireless system.
• Standalone = Access point is managed in standalone mode and
configured as a valid AP entry (local or RADIUS).
Rogue = Access point is classified as a threat by one of the threat detection
algorithms.
• Unknown = Access point is detected in the network but is not classified
as a threat by the threat detection algorithms.
De-Authentication Attacks