NETGEAR WNDAP620 Network Router User Manual

Open as PDF

of 172

Management and Monitoring

ProSafe Premium 3 x 3 Dual-Band Wireless-N Access Point WNDAP620

Unauthenticated

association

• Attack. Multiple unauthenticated association requests (5 or

more) that use spoofed MAC addresses of legitimate clients are

sent to the wireless access point.

• R

esult. The client association table overflows, causing

authentication requests from legitimate clients to be denied.

• Solution. T

he oldest clients that are stuck in the authentication

phase are removed from the table.

5 Trap

Association table

verflow

• Attack. Multiple clients (5 or more) that use spoofed MAC

addresses of legitimate clients attempt to connect to the

wireless access point.

• R

esult. The client association table overflows, causing

association requests from legitimate clients to be denied.

• Solution. T

he oldest associations are removed from the table.

5 Trap

Authentication

fail

ure attack

• Attack. Multiple invalid authentication requests (5 or more) that

use the spoofed MAC address of a legitimate client are sent to

the wireless access point.

• R

esult. The client is disconnected from the wireless access

point.

• Solution. Th

e wireless access point determines if the legitimate

client is already connected before processing an authentication

request.

5 Trap

Deauthentication

bro

adcast attack

• Attack. Multiple deauthentication frames (5 or more) that use

the spoofed MAC address of the wireless access point are sent

to legitimate clients.

• R

esult. Clients are disconnected from the wireless access

point.

Note: The IDS detects this attack, but the IPS does not take action

gainst this attack.

5 Trap

Disassociation flood • At

tack. Multiple disassociation frames (5 or more) that use the

spoofed MAC address of the wireless access point are sent to a

legitimate client.

• R

esult. The client is disconnected from the wireless access

point.

Note: The IDS detects this attack, but the IPS does not take action

gainst this attack.

5 Trap

Malformed 802.11

ackets detected

• Detection. Multiple malformed packets (5 or more) are sent to

the wireless access point.

• R

esult. Clients behave unexpectedly or crash.

• Solution. The

wireless access point drops the malformed

packets.

5 Trap

Table 24. IDS/IPS policies and policy rules (continued)

Policy Description Policy Rule

Threshold Notification

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

NETGEAR WNDAP620 Network Router User Manual