Variable | Description | Default |
<wids-profile_name> | Enter a name for this WIDS profile. | No default. |
comment <comment_str> | Optionally, enter a descriptive comment. | No default. |
asleap-attack {enable | disable} | Enable to detect asleap attack (attempt to crack LEAP security). | disable |
assoc-frame-flood {enable | disable} | Enable to detect association frame flood attack. | disable |
auth-frame-flood {enable | disable} | Enable to detect authentication frame flood attack. | disable |
deauth-broadcast {enable | disable} | Enable to detect deauthentication broadcasts which can disrupt wireless services to multiple clients. | disable |
eapol-fail-flood {enable | disable} | Enable to detect EAP FAIL flood attack. | disable |
eapol-fail-intv <int> | Set EAP FAIL detection interval. | 1 |
eapol-fail-thres <int> | Set EAP FAIL detection threshold. | 10 |
eapol-logoff-flood {enable | disable} | Enable to detect EAP LOGOFF flood attack. | disable |
eapol-logoff-intv <int> | Set EAP LOGOFF detection interval. | 1 |
eapol-logoff-thres <int> | Set EAP LOGOFF detection threshold. | 10 |
eapol-pre-fail-flood {enable | disable} | Enable to detect EAP premature FAIL flood attack. | disable |
eapol-pre-fail-intv <int> | Set EAP premature FAIL detection interval. | 1 |
eapol-pre-fail-thres <int> | Set EAP premature FAIL detection threshold. | 10 |
eapol-pre-succ-flood {enable | disable} | Enable to detect EAP premature SUCC flood attack. | disable |
eapol-pre-succ-intv <int> | Set EAP premature SUCC detection interval. | 1 |
eapol-pre-succ-thres <int> | Set EAP premature SUCC detection threshold. | 10 |
eapol-start-flood {enable | disable} | Enable to detect EAP START flood attack. | disable |
eapol-start-intv <int> | Set EAP START detection interval. | 1 |
eapol-start-thres <int> | Set EAP START detection threshold. | 10 |
eapol-succ-flood {enable | disable} | Enable to detect EAP SUCC flood attack. | disable |
eapol-succ-intv <int> | Set EAP SUCC detection interval. | 1 |
eapol-succ-thres <int> | Set EAP SUCC detection threshold. | 10 |
invalid-mac-oui {enable | disable} | Enable to detect use of spoofed MAC addresses. (The first three bytes should indicate a known manufacturer.) | disable |
long-duration-attack {enable | disable} | Enable for long duration attack detection based on long‑duration‑thresh. | disable |
long-duration-thresh <int> | Enter the duration in usec for long-duration attack detection. This is available when long-duration-attack is enable. | 8200 |
null-ssid-probe-resp {enable | disable} | Detect attacks that include an incorrectly formed response packets that include a null SSID. This attack can cause wireless clients to crash. | disable |
spoofed-deauth {enable | disable} | Enable to detect spoofed deathentication packets. | disable |
weak-wep-iv {enable | disable} | Enable to detect APs using weak WEP encryption. | disable |
wireless-bridge {enable | disable} | Enable to detect wireless bridge operation, which is suspicious if your network doesn’t use a wireless bridge. | disable |