https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353889#M69008 <HTML><HEAD></HEAD><BODY><P>Hello</P><P>Thank You for that. I will analyse it ASAP.</P><P><SPAN style="font-size: 10pt;">I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.</SPAN></P><P><SPAN style="font-size: 10pt;">regards</SPAN></P><P><SPAN style="font-size: 10pt;">Darek</SPAN></P></BODY></HTML> Wed, 06 Nov 2013 17:08:08 GMT dszendol 2013-11-06T17:08:08Z https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353887#M69006 <P style="margin: 0cm; margin-bottom: .0001pt;">Hello</P><P></P><P style="margin: 0cm 0cm 0.0001pt;">I am receiving on my WLC alarm form IDS about "authentication flood attack"</P><P></P><P>"<SPAN style="font-size: 10pt;">IDS Signature attack detected. Signature Type: Standard, Name: Auth&nbsp; flood, Description: Authentication Request flood, Track: per-signature,&nbsp; Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits:&nbsp; 500, Channel: 11, srcMac: xxxx"</SPAN></P><P></P><P style="margin: 0cm 0cm 0.0001pt;">I put that MAC into disabled clients database but I am still receiving that alarm.</P><P style="margin: 0cm 0cm 0.0001pt;">How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.</P><P></P><P>regards</P><P>Darek</P> Sun, 04 Jul 2021 08:13:08 GMT https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353887#M69006 dszendol 2021-07-04T08:13:08Z https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353888#M69007 <HTML><HEAD></HEAD><BODY><P>HI,</P><P> Use this:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml">http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml</A></P><P></P><P></P><P>Regards</P></BODY></HTML> Wed, 06 Nov 2013 08:03:39 GMT https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353888#M69007 Sandeep Choudhary 2013-11-06T08:03:39Z https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353889#M69008 <HTML><HEAD></HEAD><BODY><P>Hello</P><P>Thank You for that. I will analyse it ASAP.</P><P><SPAN style="font-size: 10pt;">I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.</SPAN></P><P><SPAN style="font-size: 10pt;">regards</SPAN></P><P><SPAN style="font-size: 10pt;">Darek</SPAN></P></BODY></HTML> Wed, 06 Nov 2013 17:08:08 GMT https://community.cisco.com/t5/wireless/authentication-flood-attack/m-p/2353889#M69008 dszendol 2013-11-06T17:08:08Z