Netgear WNDAP620 Reference Manual - Page 91
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

Table 24. IDS/IPS policies and policy rules (continued)

Policy description: EAPOL-start attack
Policy rule:
• Attack. Multiple EAPOL start frames (5 or more) are sent to the wireless access point to initiate the RADIUS authentication process for clients.
• Result. Wireless service is disrupted.
• Solution. The wireless access point determines if the legitimate clients have already been authenticated before processing EAPOL start frames.
Threshold: 5
Notification: Trap

Policy description: EAPOL-logoff attack
Policy rule:
• Attack. Several EAPOL logoff frames (2 or more) that use the spoofed MAC address of a legitimate client are sent to the wireless access point to terminate a RADIUS-authenticated session.
• Result. The client is disconnected from the wireless access point.
• Solution. The wireless access point determines if it still receives traffic from the client before disconnecting the client.
Threshold: 2
Notification: Trap

Policy description: Premature EAP failure attack
Note: The IDS detects this attack, but the IPS does not take action against this attack.
Policy rule:
• Attack. Several premature EAP failure frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication failure.
• Result. The client cannot be authenticated and cannot connect to the wireless access point.
Threshold: 2
Notification: Trap

Policy description: Premature EAP success attack
Note: The IDS detects this attack, but the IPS does not take action against this attack.
Policy rule:
• Attack. Several premature EAP success frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication success.
• Result. The client cannot be authenticated and cannot connect to the wireless access point.
Threshold: 2
Notification: Trap

Policy description: CTS flood
Policy rule:
• Attack. Multiple clear-to-send (CTS) frames (60 or more) are sent to the wireless access point.
• Result. Wireless service is disrupted.
• Solution. The wireless access point sends a channel change frame to the legitimate clients and uses automatic channel selection to switch to a new clear channel.
Threshold: 60
Notification: Trap

Policy description: RTS flood
Policy rule:
• Attack. Multiple request-to-send (RTS) frames (60 or more) are sent to the wireless access point.
• Result. Wireless service is disrupted.
• Solution. The wireless access point sends a channel change frame to the legitimate clients and uses automatic channel selection to switch to a new clear channel.
Threshold: 60
Notification: Trap

Management and Monitoring 91
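The following is an added example, not part of the Netgear manual or the access point's firmware: a sliding-window counter that applies the Table 24 thresholds to a stream of already-classified frames, to show how such rules can be reproduced when reviewing a capture. The frame-kind labels, the (timestamp, kind) record format, and the 1000 ms counting window are assumptions; the manual does not state the interval over which frames are counted.

```python
from collections import defaultdict, deque

# kind -> (threshold from Table 24, whether the IPS acts on the attack).
# The kind labels are hypothetical names chosen for this example.
RULES = {
    "eapol-start":  (5,  True),
    "eapol-logoff": (2,  True),
    "eap-failure":  (2,  False),  # IDS detects, IPS takes no action
    "eap-success":  (2,  False),  # IDS detects, IPS takes no action
    "cts":          (60, True),
    "rts":          (60, True),
}
WINDOW_MS = 1000  # assumption: counting interval is not given in the manual


def detect(frames, window_ms=WINDOW_MS):
    """frames: iterable of (timestamp_ms, kind), sorted by timestamp.

    Returns {kind: alert} for each rule whose frame count inside the
    sliding window reaches the threshold; only the first hit is kept.
    """
    recent = defaultdict(deque)
    alerts = {}
    for ts, kind in frames:
        if kind not in RULES:
            continue
        seen = recent[kind]
        seen.append(ts)
        while ts - seen[0] > window_ms:   # drop frames older than the window
            seen.popleft()
        threshold, ips_acts = RULES[kind]
        if len(seen) >= threshold and kind not in alerts:
            alerts[kind] = {"time_ms": ts, "count": len(seen),
                            "notify": "trap", "ips_action": ips_acts}
    return alerts


def sample_frames():
    """Constructed sample data, not taken from a real capture."""
    frames = [(i * 10, "cts") for i in range(60)]              # 60 CTS in 590 ms
    frames += [(2000, "eapol-logoff"), (2100, "eapol-logoff")]  # 2 within window
    frames += [(3000, "eap-failure"), (9000, "eap-failure")]    # too far apart
    frames += [(4000, "eap-success"), (4050, "eap-success")]    # detect only
    frames += [(10000 + i * 1000, "eapol-start") for i in range(5)]  # too slow
    return sorted(frames)


if __name__ == "__main__":
    for kind, alert in detect(sample_frames()).items():
        print(kind, alert)
```
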