5-109
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring IDS
•
EAPOL flood signature
—During an EAPOL flood attack, a hacker floods the air with EAPOL
frames containing 802.1X authentication requests. As a result, the 802.1X authentication server
cannot respond to all of the requests and fails to send successful authentication responses to valid
clients. The result is a denial of service to all affected clients. When the EAPOL flood signature
(precedence 12) is used to detect such an attack, the access point waits until the maximum number
of allowed EAPOL packets is exceeded. It then alerts the controller and proceeds with the
appropriate mitigation.
•
NetStumbler signatures
—NetStumbler is a wireless LAN scanning utility that reports access point
broadcast information (such as operating channel, RSSI information, adapter manufacturer name,
SSID, WEP status, and the latitude and longitude of the device running NetStumbler when a GPS is
attached). If NetStumbler succeeds in authenticating and associating to an access point, it sends a
data frame with the following strings, depending on the NetStumbler version:
When a NetStumbler signature is used to detect such an attack, the access point identifies the
offending device and alerts the controller. The NetStumbler signatures include:
–
NetStumbler 3.2.0 (precedence 13)
–
NetStumbler 3.2.3 (precedence 14)
–
NetStumbler 3.3.0 (precedence 15)
–
NetStumbler generic (precedence 16)
A standard signature file exists on the controller by default. You can upload this signature file from the
controller, or you can create a custom signature file and download it to the controller or modify the
standard signature file to create a custom signature. You can configure signatures through either the GUI
or the CLI.
Using the GUI to Configure IDS Signatures
You must follow these instructions to configure signatures using the controller GUI:
•
Uploading or downloading IDS signatures,
•
Enabling or disabling IDS signatures,
•
Viewing IDS signature events,
Version
String
3.2.0
“Flurble gronk bloopit, bnip Frundletrune”
3.2.3
“All your 802.11b are belong to us”
3.3.0
Sends white spaces