Nortel Networks 2300 Switch User Manual


 
638 Rogue detection and counter measures
NN47250-500 (320657-F Version 02.01)
Disabling or reenabling logging of rogues
By default, a WSS generates a log message when a rogue is detected or disappears. To disable or reenable the log
messages, use the following command:
set rfdetect log {enable | disable}
To display log messages on a switch, use the following command:
show log buffer
(This command has optional parameters. For complete syntax information, see the Nortel WLAN Security Switch 2300
Series Command Line Reference.)
Enabling rogue and countermeasures notifications
By default, all SNMP notifications (informs or traps) are disabled. To enable or disable notifications for rogue detection,
Intrusion Detection System (IDS), and Denial of Service (DoS) protection, configure a notification profile that sends all
the notification types for these features. (For syntax information and an example, see “Configuring a notification profile”
(page 158).)
IDS and DoS alerts
WSS Software can detect illegitimate network access attempts and attempts to disrupt network service. In response,
WSS Software generates messages and SNMP notifications. The following sections describe the types of attacks and
security risks that WSS Software can detect.
For examples of the log messages that WSS Software generates when DoS attacks or other security risks are detected,
see “IDS log message examples” (page 641).
For information about the notifications, see “Configuring a notification profile” (page 158).
Flood attacks
A flood attack is a type of Denial of Service attack. During a flood attack, a rogue wireless device attempts to overwhelm
the resources of other wireless devices by continuously injecting management frames into the air. For example, a rogue
client can repeatedly send association requests to try to overwhelm APs that receive the requests.
The threshold for triggering a flood message is 100 frames of the same type from the same MAC address, within a
one-second period. If WSS Software detects more than 100 of the same type of wireless frame within one second, WSS
Software generates a log message. The message indicates the frame type, the MAC address of the sender, the listener
(AP and radio), channel number, and RSSI.
Note. To detect DoS attacks, Scheduled RF Scanning must be enabled. (See “Disabling
or reenabling Scheduled RF Scanning” (page 637).)
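The flood threshold described above, worked through as an added example (this is not Nortel code and not how WSS Software is implemented): a per-sender, per-frame-type counter over a one-second window that reports the same fields the log message carries. The sliding-window interpretation, the record field names, and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 100    # frames of one type from one MAC (value from the manual)
WINDOW_MS = 1000   # one-second period (value from the manual)

def detect_floods(frames, threshold=THRESHOLD, window_ms=WINDOW_MS):
    """frames: dicts sorted by 'ts' (ms) with hypothetical keys
    ts, src_mac, frame_type, listener, channel, rssi.
    Returns one alert per burst for each (src_mac, frame_type)."""
    recent = defaultdict(deque)   # (mac, type) -> timestamps inside the window
    flooding = set()              # keys currently over the threshold
    alerts = []
    for f in frames:
        key = (f["src_mac"], f["frame_type"])
        q = recent[key]
        q.append(f["ts"])
        # Drop timestamps that have aged out of the one-second window.
        while f["ts"] - q[0] >= window_ms:
            q.popleft()
        if len(q) > threshold:            # "more than 100", not 100 exactly
            if key not in flooding:       # report once per burst, not per frame
                flooding.add(key)
                alerts.append(dict(f, count=len(q)))
        else:
            flooding.discard(key)
    return alerts

def sample_frames():
    """Constructed capture, not real traffic."""
    common = dict(listener="ap3/radio1", channel=6)
    # 150 association requests, one every 5 ms: crosses the threshold.
    burst = [dict(common, ts=i * 5, src_mac="02:00:00:00:00:01",
                  frame_type="assoc-req", rssi=-48) for i in range(150)]
    # 300 probe requests, one every 10 ms: exactly 100 per second, never more.
    steady = [dict(common, ts=i * 10, src_mac="02:00:00:00:00:02",
                   frame_type="probe-req", rssi=-71) for i in range(300)]
    return sorted(burst + steady, key=lambda f: f["ts"])

if __name__ == "__main__":
    for a in detect_floods(sample_frames()):
        print("flood: type=%(frame_type)s mac=%(src_mac)s listener=%(listener)s "
              "channel=%(channel)d rssi=%(rssi)d count=%(count)d" % a)
```

The steady sender shows the boundary case: a sustained rate of exactly 100 frames per second stays at the threshold without exceeding it, so no message is produced.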