Feature Command Trap Syslog ID
377
idsgeneral -profile
signature-quiet-time
Detecting an 802.11n 40MHz Intolerance Sett ing
Whena client set s the HT capability “intolerant bi t” to indicate that it is unableto partic ipate ina 4 0MHzBSS,
the AP must use lower data rates with all of its clients. Network administrators often want to know if there are
devices that are advertising 40MHz intolerance,as this can impact the performanceof the network.
Detecting Active 802.11n Greenf ield Mode
When80 2.11 devices use the HT operating mode,t heycan not share the same channel as 802.11a/b/g stations. Not
only can they not communicate with legacy devices, the way they use the transmission mediumi s different,which
wouldc ausec ollisions, errorsand retransmissions.
Detecting Ad hoc Netw orks
An ad hoc network is a collection of wireless clients that form a network amongst themselves without the use of an
AP. As far as network administrators are concerned,ad hoc wireless networks are uncontrolled.If they do not use
encryption, they may exposesensit ive data to outside eavesdroppers.I fa devi ce is connected to a wired network and
has bridgingenabled, an ad-hoc networkmay also function like a rogue AP. Additionally, ad-hoc networkscan expose
client devices to virusesand other security vulnerabilities. For thesereasons, many administrators choose to prohibit
ad-hoc networks.
Detecting an Ad hoc Netw orkU sing a Valid SSID
If an unauthorizedad hoc networki s using the same SSID as an authorized network, a valid client may be tricked
into connecting to the wrong network. If a client connects to a malicio us ad hoc network, security breacheso r
attacks can occur.
Detecting an AP Flood At tack
Fake AP is a too l that was originally created to thwart wardrivers by flooding beacon frames containing hundreds of
differentaddresses. This would appear to a wardriveras though there were hundreds of APs in the area, thus
concealingt hereal AP. An att ackercan use this too lt o floodan enterprise or public hotspots with fake AP beacons
to confuse legitimate usersand to increase the amount of processingneed on client operating systems.
Detecting AP Impersonati on
In AP impersonation attacks, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP. AP
impersonation attacks can be done for man-in-the-middleat tacks, a rogue AP attempting to bypass detect ion, or a
honeypot attack.
Detecting AP Spoofi ng
An AP Spoofing attack involves an intruders endingforged frames that are made to look like they are froma
legitimate AP. It is trivial for an attackerto do this, since too lsare readily available to inject wireless frameswit h
any MAC addresst hat the userdesires. Spoofing frames from a legitimate AP is the foundation of many wireless
attacks.
DellPowerConnect W- Series ArubaOS 6.2 | UserGuide WirelessIntrusionPr evention |374