Create New | Create a new WIDS profile. See “To create a new WIDS profile:”. |
Delete | Select to delete the selected WIDS profiles. See “To delete a WIDS profile:”. |
Import | Select to import WIDS profiles. See “To import a WIDS profile:”. |
Search | Search the WIDS profiles by entering a search term in the search field. |
Name | The profile’s name. |
Comments | Comments about the profile. |
Name | Enter a name for the profile. |
Comment | Optionally, enter comments. |
Intrusion Type | The intrusion types that can be detected. See Table 12 for information on the available types. |
Status | Select the status of the intrusion type (enable it). |
Threshold | If applicable, enter a threshold for reporting the intrusion. |
Interval (sec) | If applicable, enter the interval for reporting the intrusion, in seconds. |
Intrusion Type | Description |
Asleap Attack | ASLEAP is a tool used to perform attacks against LEAP authentication. |
Association Frame Flooding | A Denial of Service attack using association requests. The default detection threshold is 30 requests in 10 seconds. |
Authentication Frame Flooding | A Denial of Service attack using association requests. The default detection threshold is 30 requests in 10 seconds. |
Broadcasting De-authentication | This is a type of Denial of Service attack. A flood of spoofed de-authentication frames forces wireless clients to de-authenticate, then re-authenticate with their AP. |
EAPOL Packet Flooding (to AP) | Extensible Authentication Protocol over LAN (EAPOL) packets are used in WPA and WPA2 authentication. Flooding the AP with these packets can be a denial of service attack. Several types of EAPOL packets can be detected: EAPOL-FAIL, EAPOL-LOGOFF, EAPOL-START, and EAPOL-SUCC. |
Invalid MAC OUI | Some attackers use randomly-generated MAC addresses. The first three bytes of the MAC address are the Organizationally Unique Identifier (OUI), administered by IEEE. Invalid OUIs are logged. |
Long Duration Attack | To share radio bandwidth, WiFi devices reserve channels for brief periods of time. Excessively long reservation periods can be used as a denial of service attack. You can set a threshold between 1000 and 32 767 microseconds. The default is 8200. |
Null SSID Probe Response | When a wireless client sends out a probe request, the attacker sends a response with a null SSID. This causes many wireless cards and devices to stop responding. |
EAPOL Packet Flooding (to client) | Extensible Authentication Protocol over LAN (EAPOL) packets are used in WPA and WPA2 authentication. Flooding the client with these packets can be a denial of service attack. Two types of EAPOL packets can be detected: EAPOL-FAIL and EAPOL-SUCC. |
Spoofed De-authentication | Spoofed de-authentication frames form the basis for most denial of service attacks. |
Weak WEP IV Detection | A primary means of cracking WEP keys is by capturing 802.11 frames over an extended period of time and searching for patterns of WEP initialization vectors (IVs) that are known to be weak. WIDS detects known weak WEP IVs in on-air traffic. |
Wireless Bridge | WiFi frames with both the FromDS and ToDS fields set indicate a wireless bridge. This will also detect a wireless bridge that you intentionally configured in your network. |
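
The following added example (not part of the product or its documentation) sketches how the threshold/interval model and the Wireless Bridge check from Table 12 can be expressed over raw 802.11 frames. It assumes frames start at the 802.11 MAC header (no radiotap header), that an alert fires when the threshold count is reached inside the interval, and all function names and sample data are constructed for illustration.

```python
from collections import deque

MGMT_SUBTYPES = {0: "assoc-req", 11: "auth", 12: "deauth"}  # 802.11 management subtypes

def classify(frame: bytes):
    """Return (management kind or None, is_bridge) from the Frame Control field."""
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    kind = MGMT_SUBTYPES.get(subtype) if ftype == 0 else None
    is_bridge = (fc1 & 0x03) == 0x03  # ToDS (bit 0) and FromDS (bit 1) both set
    return kind, is_bridge

class FloodDetector:
    """Alert when `threshold` frames of one kind arrive within `interval` seconds."""
    def __init__(self, threshold=30, interval=10.0):
        self.threshold, self.interval = threshold, interval
        self.windows = {}

    def observe(self, ts, kind):
        window = self.windows.setdefault(kind, deque())
        window.append(ts)
        while window and ts - window[0] >= self.interval:  # drop frames older than the interval
            window.popleft()
        if len(window) >= self.threshold:
            window.clear()  # report once per burst, then start counting again
            return True
        return False

def analyze(capture, threshold=30, interval=10.0):
    """capture: iterable of (timestamp_seconds, raw 802.11 frame bytes)."""
    detector, alerts = FloodDetector(threshold, interval), []
    for ts, frame in capture:
        if len(frame) < 2:
            continue  # truncated frame: no complete Frame Control field
        kind, is_bridge = classify(frame)
        if is_bridge:
            alerts.append((ts, "wireless-bridge"))
        if kind in ("assoc-req", "auth") and detector.observe(ts, kind):
            alerts.append((ts, kind + "-flood"))
    return alerts

# Constructed sample: only the two Frame Control bytes of each frame are filled in.
SAMPLE = (
    [(i / 10, bytes([0x00, 0x00])) for i in range(30)]       # 30 assoc requests in 3 s
    + [(100.0 + i, bytes([0xB0, 0x00])) for i in range(30)]  # 30 auth frames over 30 s
    + [(200.0, bytes([0x08, 0x03])), (201.0, b"\x00")]       # bridge data frame, truncated frame
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The 30 authentication frames spread over 30 seconds stay below the default threshold, while the same count inside 3 seconds triggers one flood alert.
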
Import from device | Select a device from which to import the profile or profiles from the drop-down list. This list will include all the devices available in the ADOM. |
Virtual Domain | If applicable, select the virtual domain from which the profile will be imported. |
Available Objects List | The available objects that can be imported. Select an object or objects and then select the down arrow to move the selected object or objects to the Selected Objects List. |
Selected Objects List | The objects that are to be imported. To remove an object or objects from the list, select the object or objects and then select the up arrow. The selected items will be moved back to the Available Objects List. |
New Name | Select to create a new name for the item or items that are being imported, and then enter the name in the field. |