3Com WX2200 3CRWX220095A Switch User Manual


 
IDS and DoS Alerts 587
Weak WEP Key Used
by Client
A weak initialization vector (IV) makes a WEP key easier to hack. MSS
alerts you regarding clients who are using weak WEP IVs so that you can
strengthen the encryption on these clients or replace the clients.
Disallowed Devices or
SSIDs
You can configure the following types of lists to explicitly allow specific
devices or SSIDs:
Permitted SSID list—MSS generates a message if an SSID that is not on
the list is detected.
Permitted vendor list—MSS generates a message if an AP or wireless
client with an OUI that is not on the list is detected.
Client black list—MSS prevents clients on the list from accessing the
network through a WX switch. If the client is placed on the black list
dynamically by MSS due to an association, reassociation or
disassociation flood, MSS generates a log message.
By default, these lists are empty and all SSIDs, vendors, and clients are
allowed. For more information, see “Summary of Rogue Detection
Features” on page 573.
Displaying Statistics
Counters
To display IDS and DoS statistics counters, use the display rfdetect
counters commands. (See “Displaying Statistics Counters” on
page 587.)
IDS Log Message
Examples
Table 49 shows examples of the log messages generated by IDS.
Table 49 IDS and DoS Log Messages
Message Type Example Log Message
Probe message flood Client aa:bb:cc:dd:ee:ff is sending probe message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.
Authentication
message flood
Client aa:bb:cc:dd:ee:ff is sending authentication message
flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.
Null data message
flood
Client aa:bb:cc:dd:ee:ff is sending null data message
flood.
Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.