Filter
Top Products
Rogue detection and counter measures 641
Nortel WLAN—Security Switch 2300 Series Configuration Guide
IDS log message examples
Table 2 shows examples of the log messages generated by IDS.
Table 2.IDS and DoS log messages
Message Type Example Log Message
Probe message flood Client aa:bb:cc:dd:ee:ff is sending probe message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Authentication
message flood
Client aa:bb:cc:dd:ee:ff is sending authentication message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Null data message
flood
Client aa:bb:cc:dd:ee:ff is sending null data message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Management frame 6
flood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 6 message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Management frame 7
flood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 7 message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Management frame D
flood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame D message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Management frame E
flood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame E message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Management frame F
flood
Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame F message flood.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Associate request flood Client aa:bb:cc:dd:ee:ff is sending associate request flood on port 2
Reassociate request
flood
Client aa:bb:cc:dd:ee:ff is sending re-associate request flood on port 2
Disassociate request
flood
Client aa:bb:cc:dd:ee:ff is sending disassociate request flood on port 2
Weak WEP
initialization vector
(IV)
Client aa:bb:cc:dd:ee:ff is using weak wep initialization vector.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Decrypt errors Client aa:bb:cc:dd:ee:ff is sending packets with decrypt errors.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Spoofed
deauthentication
frames
Deauthentication frame from AP aa:bb:cc:dd:ee:ff is being spoofed.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Spoofed disassociation
frames
Disassociation frame from AP aa:bb:cc:dd:ee:ff is being spoofed.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Null probe responses AP aa:bb:cc:dd:ee:ff is sending null probe responses.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.
Broadcast
deauthentications
AP aa:bb:cc:dd:ee:ff is sending broadcast deauthentications.
Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.