Netgear WNDAP660 Reference Manual - Page 91



ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP660

Management and Monitoring (page 91)

Table 24. IDS/IPS policies and policy rules (continued)

| Policy | Description | Policy Rule: Threshold | Policy Rule: Notification |
|---|---|---|---|
| Disassociation flood | Attack. Multiple disassociation frames (5 or more) that use the spoofed MAC address of the wireless access point are sent to a legitimate client. Result. The client is disconnected from the wireless access point. Note: The IDS detects this attack, but the IPS does not take action against this attack. | 5 | Trap |
| Malformed 802.11 packets detected | Detection. Multiple malformed packets (5 or more) are sent to the wireless access point. Result. Clients behave unexpectedly or crash. Solution. The wireless access point drops the malformed packets. | 5 | Trap |
| EAPOL-start attack | Attack. Multiple EAPOL start frames (5 or more) are sent to the wireless access point to initiate the RADIUS authentication process for clients. Result. Wireless service is disrupted. Solution. The wireless access point determines if the legitimate clients have already been authenticated before processing EAPOL start frames. | 5 | Trap |
| EAPOL-logoff attack | Attack. Several EAPOL logoff frames (2 or more) that use the spoofed MAC address of a legitimate client are sent to the wireless access point to terminate a RADIUS-authenticated session. Result. The client is disconnected from the wireless access point. Solution. The wireless access point determines if it still receives traffic from the client before disconnecting the client. | 2 | Trap |
| Premature EAP failure attack | Attack. Several premature EAP failure frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication failure. Result. The client cannot be authenticated and cannot connect to the wireless access point. Note: The IDS detects this attack, but the IPS does not take action against this attack. | 2 | Trap |
| Premature EAP success attack | Attack. Several premature EAP success frames (2 or more) are sent to a legitimate client to suggest RADIUS authentication success. Result. The client cannot be authenticated and cannot connect to the wireless access point. Note: The IDS detects this attack, but the IPS does not take action against this attack. | 2 | Trap |
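The thresholds in Table 24 can be cross-checked from a separate monitoring sensor. The sketch below is an added example, not NETGEAR code: it counts frames per affected station and raises one alert when a policy's threshold is reached, recording whether the table says the IPS acts. The time window, the frame-kind labels, the record fields and the MAC addresses are assumptions of this example; the manual page gives only the counts.

```python
from collections import defaultdict, deque

WINDOW_S = 10.0  # assumption: the manual page gives counts but no time window

# kind -> (policy name, threshold, victim field, IPS acts?) as listed in Table 24.
# The kind labels and the victim-field choice are this example's own.
POLICIES = {
    "disassoc":     ("Disassociation flood", 5, "dst", False),
    "malformed":    ("Malformed 802.11 packets detected", 5, "dst", True),
    "eapol_start":  ("EAPOL-start attack", 5, "dst", True),
    "eapol_logoff": ("EAPOL-logoff attack", 2, "src", True),
    "eap_failure":  ("Premature EAP failure attack", 2, "dst", False),
    "eap_success":  ("Premature EAP success attack", 2, "dst", False),
}

def detect(frames, window=WINDOW_S):
    """Return one alert per (policy, victim) once its threshold is reached."""
    seen = defaultdict(deque)      # (kind, victim) -> timestamps inside the window
    alerted, alerts = set(), []
    for f in sorted(frames, key=lambda f: f["ts"]):
        policy = POLICIES.get(f["kind"])
        if policy is None:
            continue               # frame kind not covered by this table page
        name, threshold, victim_field, ips_acts = policy
        key = (f["kind"], f[victim_field])
        q = seen[key]
        q.append(f["ts"])
        while q and f["ts"] - q[0] > window:
            q.popleft()            # expire frames older than the window
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"policy": name, "victim": key[1], "at": f["ts"],
                           "notification": "Trap", "ips_action": ips_acts})
    return alerts

AP, STA1, STA2 = "02:00:00:00:00:01", "02:00:00:00:00:11", "02:00:00:00:00:12"
# Constructed sample frame summaries (not real traffic).
SAMPLE = (
    [{"ts": 0.1 * i, "kind": "disassoc", "src": AP, "dst": STA1} for i in range(5)]
    + [{"ts": 1.0, "kind": "eapol_logoff", "src": STA2, "dst": AP},
       {"ts": 1.5, "kind": "eapol_logoff", "src": STA2, "dst": AP}]
    + [{"ts": 0.0, "kind": "eap_failure", "src": AP, "dst": STA2},
       {"ts": 30.0, "kind": "eap_failure", "src": AP, "dst": STA2}]  # too far apart
    + [{"ts": 2.0, "kind": "eapol_start", "src": STA1, "dst": AP}]   # single, normal
)

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Alerts with `ips_action` set to `False` correspond to the rows where the table notes that the IDS detects the attack but the IPS takes no action, so the trap is the only signal an operator receives.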