11-05-2013 11:25 AM - edited 07-04-2021 01:13 AM
Hello
I am receiving on my WLC alarm form IDS about "authentication flood attack"
"IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: xxxx"
I put that MAC into disabled clients database but I am still receiving that alarm.
How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.
regards
Darek
11-06-2013 12:03 AM
11-06-2013 09:08 AM
Hello
Thank You for that. I will analyse it ASAP.
I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.
regards
Darek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide