Authentication flood attack - Cisco Community

2652

Views

0

Helpful

2

Replies

Hello

I am receiving on my WLC alarm form IDS about "authentication flood attack"

"IDS Signature attack detected. Signature Type: Standard, Name: Auth flood, Description: Authentication Request flood, Track: per-signature, Detecting AP Name: AP-xxx, Radio Type: 802.11b/g, Preced: 5, Hits: 500, Channel: 11, srcMac: xxxx"

I put that MAC into disabled clients database but I am still receiving that alarm.

How it is possible. I could understand if it was "deauthentication flood attack" as we can do nothing with that.

regards

Darek

2 Replies 2

HI,

Use this:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml

Regards

Hello

Thank You for that. I will analyse it ASAP.

I forgot that station first must to authenticate and then can associate not opposite. So blocking the MAC will not protect us against authentication flood.

regards

Darek

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Review Cisco Networking products for a $25 gift card