Netgear WNDAP620 Reference Manual - Page 90
Table 24., IDS/IPS policies and policy rules continued, Attack, Result, Solution, Detection, Policy
View all Netgear WNDAP620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 90 highlights
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620 Table 24. IDS/IPS policies and policy rules (continued) Policy Description Policy Rule Unauthenticated association Association table overflow Authentication failure attack Deauthentication broadcast attack Threshold Notification • Attack. Multiple unauthenticated association requests (5 or 5 more) that use spoofed MAC addresses of legitimate clients are sent to the wireless access point. • Result. The client association table overflows, causing authentication requests from legitimate clients to be denied. • Solution. The oldest clients that are stuck in the authentication phase are removed from the table. Trap • Attack. Multiple clients (5 or more) that use spoofed MAC 5 addresses of legitimate clients attempt to connect to the wireless access point. • Result. The client association table overflows, causing association requests from legitimate clients to be denied. • Solution. The oldest associations are removed from the table. Trap • Attack. Multiple invalid authentication requests (5 or more) that 5 use the spoofed MAC address of a legitimate client are sent to the wireless access point. • Result. The client is disconnected from the wireless access point. • Solution. The wireless access point determines if the legitimate client is already connected before processing an authentication request. Trap • Attack. Multiple deauthentication frames (5 or more) that use 5 the spoofed MAC address of the wireless access point are sent to legitimate clients. • Result. Clients are disconnected from the wireless access point. Trap Note: The IDS detects this attack, but the IPS does not take action against this attack. Disassociation flood • • Attack. Multiple disassociation frames (5 or more) that use the 5 spoofed MAC address of the wireless access point are sent to a legitimate client. Result. The client is disconnected from the wireless access point. Trap Malformed 802.11 packets detected Note: The IDS detects this attack, but the IPS does not take action against this attack. • Detection. Multiple malformed packets (5 or more) are sent to 5 the wireless access point. • Result. Clients behave unexpectedly or crash. • Solution. The wireless access point drops the malformed packets. Trap Management and Monitoring 90