356
DWS-1008 User’s Manual
D-Link Systems, Inc.
Rogue Detection and Countermeasures
Enabling AP Signatures
An AP signature is a set of bits in a management frame sent by an AP that identifies that AP to
MSS. If someone attempts to spoof management packets from a D-Link AP, MSS can detect
the spoof attempt.
AP signatures are disabled by default. To enable or disable them, use the following
command:
set rfdetect signature
{
enable
|
disable
}
The command applies only to APs managed by the switch on which you enter the
command.
Disabling or Reenabling Logging of Rogues
By default, a DWS-1008 switch generates a log message when a rogue is detected or
disappears. To disable or reenable the log messages, use the following command:
set
rfdetect
log
{
enable
|
disable
}
To display log messages on a switch, use the following command:
show log
buffer
Enabling Rogue and Countermeasures Notifications
By default, all SNMP notifications (informs or traps) are disabled. To enable or disable
notifications for rogue detection, Intrusion Detection System (IDS), and Denial of Service
(DoS) protection, configure a notification profile that sends all the notification types for these
features.
IDS and DoS Alerts
MSS can detect illegitimate network access attempts and attempts to disrupt network service.
In response, MSS generates messages and SNMP notifications. The following sections
describe the types of attacks and security risks that MSS can detect.
Note:
To detect DoS attacks, active scan must be enabled.