IDS 'NetStumbler generic'

Ibrahim Jamil · ‎02-24-2011

Hi Folks

I Have seen the Below in my WCS as Alarm

IDS 'NetStumbler generic' Signature attack detected on AP 'Roby' protocol '802.11b/g' on Controller 192.168.1.100

Sharath Kattemane Prabhakar · ‎03-22-2011

NetStumbler signatures—NetStumbler is a wireless LAN scanning utility that reports access point broadcast information (such as operating channel, RSSI information, adapter manufacturer name, SSID, WEP status, and the latitude and longitude of the device running NetStumbler when a GPS is attached). If NetStumbler succeeds in authenticating and associating to an access point, it sends a data frame with the following strings, depending on the NetStumbler version

Please do take a look the given link which explains various ID's and thier purpose's.

http://www.cisco.com/en/US/docs/wireless/wcs/5.0/configuration/guide/wcssol.html

Sharath Kattemane Prabhakar · ‎03-22-2011

On further research i found that

There is also bug associated with messages we are seeing .

CSCsi91801:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi91801

Sharath Kattemane Prabhakar · ‎03-22-2011

Please check the mac-addr reported and find out the host ,if its a legitimate client then you can decide on how proceed with false alarms .

==============================
Please rate the post if you find it usefull