564 Rogue Detection and Countermeasures
320657-A
Displaying Rogue Detection Counters
To display rogue detection statistics counters, use the following command:
show rfdetect counters
The command shows counters for rogue activity detected by the WSS switch on which you enter the command.
23x0# show rfdetect counters
Type Current Total
-------------------------------------------------- ------------ ------------
Rogue access ports 0 0
Interfering access ports 139 1116
Rogue 802.11 clients 0 0
Interfering 802.11 clients 4 347
802.11 adhoc clients 0 1
Unknown 802.11 clients 20 965
Interfering 802.11 clients seen on wired network 0 0
802.11 probe request flood 0 0
802.11 authentication flood 0 0
802.11 null data flood 0 0
802.11 mgmt type 6 flood 0 0
802.11 mgmt type 7 flood 0 0
802.11 mgmt type d flood 0 0
802.11 mgmt type e flood 0 0
802.11 mgmt type f flood 0 0
802.11 association flood 0 0
802.11 reassociation flood 0 0
802.11 disassociation flood 0 0
Weak wep initialization vectors 0 0
Spoofed access point mac-address attacks 0 0
Spoofed client mac-address attacks 0 0
Ssid masquerade attacks 1 12
Spoofed deauthentication attacks 0 0
Spoofed disassociation attacks 0 0
Null probe responses 626 11380
Broadcast deauthentications 0 0
FakeAP ssid attacks 0 0
FakeAP bssid attacks 0 0
Netstumbler clients 0 0
Wellenreiter clients 0 0
Nortel active scans 1796 4383
Wireless bridge frames 196 196
Adhoc client frames 8 0
access ports present in attack-list 0 0
access ports not present in ssid-list 0 0
access ports not present in vendor-list 0 0
Clients not present in vendor-list 0 0
Clients added to automatic black-list 0 0
Note. WSS Software generates log messages for most of these statistics. See “IDS and
DoS Alerts” on page 550.
