Netgear WNDAP660 Reference Manual - Page 90
Table 24., IDS/IPS policies and policy rules, Policy, Description, Policy Rule, Attack, Result
View all Netgear WNDAP660 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 90 highlights
ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660 Table 24. IDS/IPS policies and policy rules Policy Description Policy Rule Threshold Notification Authentication flood • • • Attack. Multiple authentication requests (5 or more) that use 5 spoofed MAC addresses of legitimate clients are sent to the wireless access point. Result. The client association table overflows, causing authentication requests from legitimate clients to be denied. Solution. The oldest clients that are stuck in the authentication phase are removed from the table. Trap Association flood • Attack. Multiple association requests (5 or more) that use 5 spoofed MAC addresses of legitimate clients are sent to the wireless access point. • Result. The client association table overflows, causing association requests from legitimate clients to be denied. • Solution. The oldest associations are removed from the table. Trap Unauthenticated association • Attack. Multiple unauthenticated association requests (5 or 5 more) that use spoofed MAC addresses of legitimate clients are sent to the wireless access point. • Result. The client association table overflows, causing authentication requests from legitimate clients to be denied. • Solution. The oldest clients that are stuck in the authentication phase are removed from the table. Trap Association table overflow • Attack. Multiple clients (5 or more) that use spoofed MAC 5 addresses of legitimate clients attempt to connect to the wireless access point. • Result. The client association table overflows, causing association requests from legitimate clients to be denied. • Solution. The oldest associations are removed from the table. Trap Authentication failure attack • Attack. Multiple invalid authentication requests (5 or more) that 5 use the spoofed MAC address of a legitimate client are sent to the wireless access point. • Result. The client is disconnected from the wireless access point. • Solution. The wireless access point determines if the legitimate client is already connected before processing an authentication request. Trap Deauthentication broadcast attack • Attack. Multiple deauthentication frames (5 or more) that use 5 the spoofed MAC address of the wireless access point are sent to legitimate clients. • Result. Clients are disconnected from the wireless access point. Trap Note: The IDS detects this attack, but the IPS does not take action against this attack. Management and Monitoring 90