Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


10. Select the radio button corresponding to the Sanctioned, Unsanctioned or Neighboring option for each listed event.

11. Review a description of each event by highlighting it in the table and reading the Description displayed on the right-hand side of the screen.

12. The Events List contains the following events to either authorize, unauthorize or interpret as neighboring for the Advanced WIPS policy:

Accidental Association - An authorized station has connected to an unauthorized or
ignored Access Point.

Crackable WEP IV - A WEP IV has been detected that could lead to the discovery of the
WEP key.

DoS CTS Flood - An excessive number of CTS frames has been detected.

DoS Deauthentication - Attack in which deauthentication frames are sent to the wireless
client using the MAC address of the AP to which it is associated. This disrupts the client
connection and may lead it to associate to a fake AP spoofing the real ESSID.

DoS Disassociation - A flood of spoofed disassociation frames has been detected.

DoS EAP Failure Spoof - A hacker is sending EAP failure messages to a client using the
spoofed MAC address of the Access Point.

DoS EAPOL Logoff Storm - An excessive number of EAPOL Logoff messages has been
detected.

DoS RTS Flood - An excessive number of RTS frames has been detected.

ESSID Jack Attack - An active attempt to discover a wireless network's ESSID has been
detected.

Fake DHCP Server - A rogue DHCP server is suspected of operating on the wireless
network.

Fata-Jack - DoS attack using the Fata-Jack tool, which sends fake authentication failed
packets to the wireless client using the spoofed MAC address of the real AP. This leads the
client to drop itself from the WLAN.

ID Theft EAPOL Success Spoof - Spoofed EAP success frames have been detected.

ID Theft Out-Of-Sequence - Two devices using the same MAC address have been detected
operating in the airspace, resulting in detected wireless frames that are out of sequence.

Invalid Channel Advertisement - An AP is advertising an invalid (unused) channel.

Invalid Management Frame - An illegal 802.11 management frame has been detected.

IPX Detection - Unencrypted IPX traffic has been observed in the wireless network.

Monkey Jack Attack - Link-layer Man-in-the-Middle attack in which the wireless client
associates with a fake Access Point which then forwards packets between the client and
the AP. The attacker may then deny service or perform other attacks on the stream of
packets traversing it.

NULL Probe Response - Null probe response frames destined for an authorized
station have been detected.

STP Detection - Unencrypted STP traffic has been observed in the wireless network.

Unsanctioned AP - Unauthorized activity includes events for devices participating in
unauthorized communication in your airspace.

Windows Zero Config Memory Leak - A Windows XP system memory leak has been detected.
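
The ID Theft Out-Of-Sequence event above can be illustrated with a short sequence-number check. This is an added example, not code from the controller or from Brocade: it assumes a sensor that records the transmitter MAC and 12-bit 802.11 sequence number of each frame, and the thresholds, function names and sample capture are constructed for illustration. It ignores the separate per-TID counters used by QoS frames.

```python
SEQ_MOD = 4096      # 802.11 sequence numbers are 12 bits wide
MAX_GAP = 64        # assumed tolerance for frames the sensor did not hear
MIN_SWITCHES = 3    # assumed: one jump is a reboot, repeated jumps are two senders

def forward_gap(prev, cur):
    """Distance from prev to cur on the circular 12-bit counter."""
    return (cur - prev) % SEQ_MOD

def find_shared_macs(frames):
    """frames: (transmitter_mac, sequence_number) pairs in capture order.
    Returns {mac: switch_count} for MACs whose frames alternate between counters."""
    state = {}
    for mac, seq in frames:
        st = state.setdefault(mac, {"counters": [], "last": None, "switches": 0})
        gaps = [forward_gap(last_seq, seq) for last_seq in st["counters"]]
        # Closest counter wins; on a tie stay with the counter used last.
        idx = min(range(len(gaps)),
                  key=lambda i: (gaps[i], i != st["last"]), default=None)
        if idx is None or gaps[idx] > MAX_GAP:
            st["counters"].append(seq)          # fits no known counter
            idx = len(st["counters"]) - 1
        else:
            st["counters"][idx] = seq           # gap 0 is a retransmission
        if st["last"] is not None and idx != st["last"]:
            st["switches"] += 1
        st["last"] = idx
    return {m: s["switches"] for m, s in state.items()
            if s["switches"] >= MIN_SWITCHES}

# Constructed sample capture (not real traffic).
SPOOFED, REBOOTED, WRAPPED = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE = (
    [(SPOOFED, s) for s in (100, 2000, 101, 2001, 102, 2003, 103)]   # two counters
    + [(REBOOTED, s) for s in (500, 501, 503, 0, 1, 2)]               # single reset
    + [(WRAPPED, s) for s in (4094, 4095, 0, 1, 1)]                   # wrap + retry
)

if __name__ == "__main__":
    for mac, switches in find_shared_macs(SAMPLE).items():
        print(f"ID Theft Out-Of-Sequence candidate: {mac} ({switches} counter switches)")
```

Only the MAC whose frames keep alternating between two counters is reported; a single counter reset or a wrap from 4095 to 0 is not.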
