Detecting Wellenreiter

Wellenreiter is a passive wireless network discovery tool that is used to compile a list of APs along with their MAC address, SSID, channel, security setting in the vicinity. It passively sniffs wireless traffic and with certain version (versions 1.4, 1.5, and 1.6) sends active probes that target known default SSIDs.

Understanding Client Intrusion Detection

Generally, clients are more vulnerable to attacks than APs. Clients are more apt to associate with a malignant AP due to the client’s driver behavior or to a misconfigured client. It is important to monitor authorized clients to track their associations and to track any attacks raised against the client.Client attack detection is categorized as:

Detecting attacks against Dell APs clients—An attacker can perform an active DOS attack against an associated client, or perform a replay attack to obtain the keys of transmission which could lead to more serious attacks.

Monitoring Authorized clients—Since clients are easily tricked into associating with unauthorized APs, tracking all misassociations of authorized clients is very important.

An authorized client is a client authorized to use the WLAN network. In ArubaOS, an authorized client is called a valid-client. ArubaOS automatically learns a valid client. A client is determined to be valid if it is associated to an authorized or valid AP using encryption; either Layer 2 or IPSEC.

NOTE: Detection of attacks is limited to valid clients and clients associated to valid APs. Clients that are associated as guests using unencrypted association are included in the attack detection. However, clients on neighboring (interfering) APs are not tracked for attack detection unless they are specified as valid.

Table 106 presents a summary of the client intrusion detection features with their related commands, traps, and syslog identification. Details of each feature follow the table.

Table 106: Client Detection Summary

Feature

Command

Trap

Syslog ID

"Detecting a Block

ids-dos-profile

wlsxBlockAckAttackDetected

126087, 127087

ACK DoS" on page

detect-block-ack-attack

 

 

379

block-ack-quiet-time

 

 

 

 

 

 

"Detecting a

ids-dos-profile

wlsxChopChopAttackDetected

126078, 127078

ChopChop Attack" on

detect-chopchop-attack

 

 

page 379

chopchop-quiet-time

 

 

 

 

 

 

"Detecting a

ids dos-profile <name>

wlsxNDisconnectStationAttack

126035, 127035

Disconnect Station

detect-disconnect-sta

 

 

Attack " on page 379

disconnect-sta-quiet-time

 

 

 

disconnect-sta-assoc-resp-threshold

 

 

 

disconnect-deauth-disassoc-threshold

 

 

 

 

 

 

"Detecting an EAP

ids-dos-profile

wlsxEAPRateAnomaly

126032, 127032

Rate Anomaly" on

detect-eap-rate-anomaly

 

 

page 379

eap-rate-threshold

 

 

 

eap-rate-time-interval

 

 

 

eap-rate-quiet-time

 

 

 

 

 

 

"Detecting a FATA-

ids dos-profile

wlsxFataJackAttackDetected

126072, 127072

Jack Attack Structure"

detect-fatajack-attack

 

 

on page 379

fatajack-attack-quiet-time

 

 

 

 

 

 

377 Wireless Intrusion Prevention

Dell PowerConnect W-Series ArubaOS 6.2 User Guide

Page 376 Page 378
Page 377
Image 377
Dell 6.2 manual Understanding Client Intrusion Detection, Detecting Wellenreiter
Page 376 Page 378

6.2 specifications

Dell 6.2 is an advanced enterprise solution that caters to the needs of businesses seeking robust performance and efficiency. As a part of Dell's commitment to innovation, the 6.2 series combines cutting-edge technologies and features that enhance productivity and deliver reliable computing experiences.

One of the standout features of the Dell 6.2 is its impressive processing power. Equipped with the latest Intel processors, it offers exceptional speed and multitasking capabilities. This allows businesses to run demanding applications effortlessly, making it ideal for data-intensive tasks such as data analysis, software development, and virtualization. The series also supports substantial RAM configurations, enabling users to manage extensive workloads without experiencing slowdowns.

In terms of storage, the Dell 6.2 line includes advanced SSD options that significantly boost data access speeds compared to traditional hard drives. This rapid access to information is vital for businesses that require quick retrieval of large datasets. Furthermore, the devices support RAID configurations, which enhances data redundancy and security, protecting critical business information from loss.

Connectivity is another critical aspect of the Dell 6.2 series. It includes multiple USB ports, HDMI outputs, and high-speed Ethernet options, ensuring that users can easily connect to various peripherals and networks. The integration of Wi-Fi 6 technology enables faster wireless connections, resulting in improved internet speeds and bandwidth efficiency, which is crucial in today’s increasingly connected workplaces.

Dell has also prioritized security in the 6.2 series. It features enhanced biometric authentication and advanced encryption methods, safeguarding sensitive data from unauthorized access. Additionally, the system's BIOS protection and automatic updates provide an added layer of security, ensuring that the device remains safe from emerging threats.

The design of the Dell 6.2 is not only sleek and modern but also built for durability. Its robust chassis is engineered to withstand the rigors of daily use, making it suitable for various business environments. This durability ensures that the investment in Dell 6.2 will last for years while maintaining performance integrity.

In summary, the Dell 6.2 series embodies a blend of speed, storage efficiency, connectivity, and security, making it a top choice for enterprises looking to enhance their computing capabilities. With its modern features and durable design, Dell 6.2 is positioned as a reliable partner in driving business success.
Top Page Image Contents