Filter
Top Products
Feature Command Trap Syslog ID
377
ids general-profile
signature-quiet-time
Detecting an 802.11n 40MHz Intolerance Setting
When a client sets the HT capability “intolerant bit” to indicate that it is unable to participate in a 40MHz BSS,
the AP must use lower data rates with all of its clients. Network administrators often want to know if there are
devices that are advertising 40MHz intolerance, as this can impact the performance of the network.
Detecting Active 802.11n Greenfield Mode
When 802.11 devices use the HT operating mode, they can not share the same channel as 802.11a/b/g stations. Not
only can they not communicate with legacy devices, the way they use the transmission medium is different, which
would cause collisions, errors and retransmissions.
Detecting Ad hoc Networks
An ad hoc network is a collection of wireless clients that form a network amongst themselves without the use of an
AP. As far as network administrators are concerned, ad hoc wireless networks are uncontrolled. If they do not use
encryption, they may expose sensitive data to outside eavesdroppers. If a device is connected to a wired network and
has bridging enabled, an ad-hoc network may also function like a rogue AP. Additionally, ad-hoc networks can expose
client devices to viruses and other security vulnerabilities. For these reasons, many administrators choose to prohibit
ad-hoc networks.
Detecting an Ad hoc Network Using a Valid SSID
If an unauthorized ad hoc network is using the same SSID as an authorized network, a valid client may be tricked
into connecting to the wrong network. If a client connects to a malicious ad hoc network, security breaches or
attacks can occur.
Detecting an AP Flood Attack
Fake AP is a tool that was originally created to thwart wardrivers by flooding beacon frames containing hundreds of
different addresses. This would appear to a wardriver as though there were hundreds of APs in the area, thus
concealing the real AP. An attacker can use this tool to flood an enterprise or public hotspots with fake AP beacons
to confuse legitimate users and to increase the amount of processing need on client operating systems.
Detecting AP Impersonation
In AP impersonation attacks, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP. AP
impersonation attacks can be done for man-in-the-middle attacks, a rogue AP attempting to bypass detection, or a
honeypot attack.
Detecting AP Spoofing
An AP Spoofing attack involves an intruder sending forged frames that are made to look like they are from a
legitimate AP. It is trivial for an attacker to do this, since tools are readily available to inject wireless frames with
any MAC address that the user desires. Spoofing frames from a legitimate AP is the foundation of many wireless
attacks.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide WirelessIntrusion Prevention | 374