Dell PowerConnect W-Airwave W-Airwave 7.2 Configuration Guide - Page 86

Table 33 Profiles > IDS > Impersonation Settings (Continued) Field Default Description Protect from AP No Impersonation Beacon Diff Threshold 50 (0-100%) When AP impersonation is detected, use this control to set both the legitimate and impersonating AP to be disabled using a denial of service attack. Set the percentage increase in beacon rate that triggers an AP impersonation alert. Beacon Increase Wait 3 Time (0-360000 sec) Detect Sequence No Anomaly Set the time, in seconds, after the Beacon Diff Threshold is crossed before an AP impersonation event is generated. Enable or disable detection of anomalies between sequence numbers seen in 802.11 frames. During an impersonation attack, the attacker may spoof the MAC address of a client or AP - if two devices are active on the network with the same MAC address, the sequence numbers in the frames will not match since the sequence number is generated by NIC firmware. Sequence Number of 300 Difference (0-100000) Set the maximum allowable tolerance between sequence numbers within the Sequence Number Time Tolerance period. Sequence Number Time 300 Tolerance (0-360000 sec) Time, in seconds, during which sequence numbers must exceed the Sequence Number Difference value for an alarm to be triggered. Sequence Number Quiet Time (60-360000 sec) 900 After an alarm has been triggered, the time (in seconds) that must elapse before another identical alarm may be triggered. Detect AP Spoofing Yes Whether to detect AP Spoofing. NOTE: Requires a WIDS license. AP Spoofing Quiet Time 900 Time to wait, in seconds, after a spoofing attempt to resume the check. Detect Beacon Wrong No Channel Beacon Wrong Channel 900 Detection Quiet Time Detect Hotspotter No Attack Hotspotter Quiet Time 900 Enable/disable detection of beacons advertising the incorrect channel. Time to wait in seconds after detecting an attempt of beacons advertising the incorrect channel, after which the check can be resumed. Enable/disable detection of the Hotspotter attack to lure away valid clients. Time to wait in seconds after detecting an attempt to use the Hotspotter tool against clients. 3. Select Add or Save. The added or edited Impersonation profile appears on the Profiles > IDS > Impersonation page. Profiles > IDS > Unauthorized Device Unauthorized device detection includes the ability to detect and disable rogue APs and other devices that can potentially disrupt network operations. The most important IDS functionality offered in the Dell PowerConnect W system is the ability to classify an AP as either a rogue AP or an interfering AP. An AP is considered to be a rogue AP if it is both unauthorized and plugged into the wired side of the network. An AP is considered to be an interfering AP if it is seen in the RF environment but is not connected to the wired network. While the interfering AP can potentially cause RF 86 | Dell PowerConnect W Configuration Reference Dell PowerConnect W AirWave 7.2 | Configuration Guide