https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283730#M24247 <HTML><HEAD></HEAD><BODY><P>These IDS signatures ship with the controller as â&#128;&#156;standard IDS signaturesâ&#128;&#157;. You can modify all these signature parameters, as the Controller IDS Parameters section here</P><P><A class="jive-link-custom" href="https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para" target="_blank">https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para</A></P><P></P><P>Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.</P><P>If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)</P><P></P></BODY></HTML> Tue, 23 Jun 2009 00:33:23 GMT smahbub 2009-06-23T00:33:23Z https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283729#M24246 <P>I was wondering if anybody knows how to prevent these messages and also what it means :</P><P>- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.</P><P></P><P>- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'</P> Sun, 04 Jul 2021 00:43:38 GMT https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283729#M24246 Victor Fabian 2021-07-04T00:43:38Z https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283730#M24247 <HTML><HEAD></HEAD><BODY><P>These IDS signatures ship with the controller as â&#128;&#156;standard IDS signaturesâ&#128;&#157;. You can modify all these signature parameters, as the Controller IDS Parameters section here</P><P><A class="jive-link-custom" href="https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para" target="_blank">https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para</A></P><P></P><P>Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.</P><P>If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)</P><P></P></BODY></HTML> Tue, 23 Jun 2009 00:33:23 GMT https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283730#M24247 smahbub 2009-06-23T00:33:23Z https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283731#M24248 <HTML><HEAD></HEAD><BODY><P>Have you seen this one before , everything looks fine but this just doesn't go away:</P><P></P><P>Radius server 192.168.100.219'(port 1813) is deactivated.</P><P></P><P>Thank you</P><P></P><P>Vic</P></BODY></HTML> Tue, 23 Jun 2009 11:30:25 GMT https://community.cisco.com/t5/wireless/wcs-alarms/m-p/1283731#M24248 Victor Fabian 2009-06-23T11:30:25Z