560Rogue Detection and Countermeasures

Table 34: IDS and DoS Log Messages (continued)

Message Type

Example Log Message

Fake AP SSID (when source MAC address is known)

FakeAP SSID attack detected from aa:bb:cc:dd:ee:ff.

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

Fake AP SSID (when

FakeAP BSSID attack detected.

source MAC address is

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

not known)

 

 

 

Spoofed SSID

AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is masquerading our ssid used by

 

aa:bb:cc:dd:ee:fd.

 

Detected by listener aa:bb:cc:dd:ee:fc(port 2, radio 1), channel 11 with

 

RSSI -53.

Wireless bridge

Wireless bridge detected with address aa:bb:cc:dd:ee:ff.

detected

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

 

 

Netstumbler detected

Netstumbler detected from aa:bb:cc:dd:ee:ff.

 

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

Wellenreiter detected

Wellenreiter detected from aa:bb:cc:dd:ee:ff.

 

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

 

 

Ad-hoc client frame

Adhoc client frame detected from aa:bb:cc:dd:ee:ff.

detected

Seen by AP on port 2, radio 1 on channel 11 with RSSI -53 SSID myssid.

 

 

Spoofed AP

AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is being spoofed. Received

 

fingerprint 1122343 does not match our fingerprint 123344.

 

Detected by listener aa:bb:cc:dd:ee:fd(port 2, radio 1), channel 11 with

 

RSSI -53.

Disallowed SSID

AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is not part of ssid-list.

detected

Detected by listener aa:bb:cc:dd:ee:fd(port 2, radio 1), channel 11 with

 

RSSI -53.

AP from disallowed

AP Mac aa:bb:cc:dd:ee:ff(ssid myssid) is not part of vendor-list.

vendor detected

Detected by listener aa:bb:cc:dd:ee:fd(port 2, radio 1), channel 11 with

 

RSSI -53.

Client from disallowed

Client Mac aa:bb:cc:dd:ee:ff is not part of vendor-list. Detected by

vendor detected

listener aa:bb:cc:dd:ee:fd(port 2, radio 1), channel 11 with RSSI -53.

Interfering client seen

Client Mac aa:bb:cc:dd:ee:ff is seen on the wired network by WSS

on wired network

10.1.1.1 on port 3 vlan 2 tag 1. Detected by listener

 

aa:bb:cc:dd:ee:fd(port 2, radio 1), channel 11 with RSSI -53.

320657-A

Page 560
Image 560
Nortel Networks 2300 manual Message Type