Functionalities supported, Wids attack detection, Flood attack detection – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 485
469
Figure 501 Taking countermeasures against rogue devices
Functionalities supported
The rogue detection feature supports the following functionalities:
•
RF monitoring in different channels
•
Rogue AP detection
•
Rogue client detection
•
Ad hoc network detection
•
Wireless bridge detection
•
Countermeasures against rogue devices, clients and ad hoc networks
WIDS attack detection
The WIDS attack detection function detects intrusions or attacks on a WLAN network, and informs the
network administrator of the attacks through recording information or sending logs. WIDS detection
supports detection of the following attacks:
•
Flood attack
•
Spoofing attack
•
Weak IV attack
Flood attack detection
A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind
within a short span of time. When this occurs, the WLAN devices get overwhelmed and are unable to
service normal clients.
WIDS attacks detection counters flood attacks by constantly keeping track of the density of traffic
generated by each device. When the traffic density of a device exceeds the limit, the device is
considered flooding the network and, if the dynamic blacklist feature is enabled, will be added to the
blacklist and forbidden to access the WLAN for a period of time.
WIDS inspects the following types of frames:
•
Authentication requests and de-authentication requests