IDS Null Signature Attacks

craiglebutt
Level 4

Hi

I've been asked to look at why we keep getting these. From what I've read:

When a client is associated to the AP but stops communicating because of card removal, roaming out of range, etc. to the AP, the AP will wait until the idle timeout. Once the idle timeout is reached, the AP sends that client a disassociate frame. When the client does not acknowledge the disassociate frame, the AP retransmits the frame numerous times (around 60 frames). The IDS subsystem of the controller hears these retransmits and alerts with this message. 

 

But this should have been fixed in version 4.0; I'm currently on 8.0.152.

Message: IDS 'NULL probe resp 1' Signature attack cleared on AP 'AP_I_03' protocol '802.11b/g' on Controller. The Signature description is 'NULL Probe Response - Zero length SSID element'

Message: IDS 'Deauth flood' Signature attack detected on AP protocol '802.11b/g' on Controller '1. The Signature description is 'Deauthentication flood', with precedence '9'. The attacker's mac address is '50:0f:80:80:15:a0', channel number is '6', and the number of detections is '300'.

Failure Source: WLAN Controller

 

Message: IDS 'Deauth flood' Signature attack detected on AP protocol '802.11b/g' on Controller The Signature description is 'Deauthentication flood', with precedence '9'. The channel number is '6', the number of detections is '500', and one of potentially several attackers' mac addresses is '50:0f:80:80:15:a0'.

Failure Source: WLAN Controller

 

Message: IDS 'NULL probe resp 1' Signature attack detected on AP protocol '802.11b/g' on Controller '10.147.95.116'. The Signature description is 'NULL Probe Response - Zero length SSID element', with precedence '2'. The attacker's mac address is '04:32:f4:15:9a:d0', channel number is '1', and the number of detections is '1'.

Failure Source: WLAN Controller

 

Message: IDS 'Auth flood' Signature attack cleared on AP protocol '802.11b/g' on Controller '10.156.255.116'. The Signature description is 'Authentication Request flood'.

Failure Source: WLAN Controller
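
A triage sketch for the alerts quoted in the post, as an added example that is not part of the original thread or any Cisco tooling: it parses the message text and groups detections by reported source MAC and signature, so repeated alerts from one radio stand out. The `own_radios` parameter (a set of your own AP radio MACs) is an assumption, used to flag alerts whose reported source is your own infrastructure, as in the retransmitted-disassociate case the post describes.

```python
import re
from collections import defaultdict

# Field patterns follow the wording of the alerts quoted in the post.
HEAD = re.compile(r"IDS '([^']+)' Signature attack (detected|cleared)")
MAC = re.compile(r"'((?:[0-9a-f]{2}:){5}[0-9a-f]{2})'", re.I)
CHANNEL = re.compile(r"channel number is '(\d+)'")
COUNT = re.compile(r"number of detections is '(\d+)'")

def parse_alert(line):
    """Return the fields of one IDS signature alert, or None if the line is not one."""
    head = HEAD.search(line)
    if not head:
        return None
    mac, chan, count = MAC.search(line), CHANNEL.search(line), COUNT.search(line)
    return {
        "signature": head.group(1),
        "state": head.group(2),
        "mac": mac.group(1).lower() if mac else None,  # absent in "cleared" alerts
        "channel": int(chan.group(1)) if chan else None,
        "detections": int(count.group(1)) if count else None,
    }

def summarize(lines, own_radios=frozenset()):
    """Group 'detected' alerts by (source MAC, signature); own_radios is a hypothetical inventory."""
    own = {m.lower() for m in own_radios}
    groups = defaultdict(lambda: {"alerts": 0, "max_detections": 0, "channels": set()})
    for alert in filter(None, map(parse_alert, lines)):
        if alert["state"] != "detected" or alert["mac"] is None:
            continue
        g = groups[(alert["mac"], alert["signature"])]
        g["alerts"] += 1
        g["max_detections"] = max(g["max_detections"], alert["detections"] or 0)
        if alert["channel"] is not None:
            g["channels"].add(alert["channel"])
        g["own_radio"] = alert["mac"] in own  # True: source is one of your own AP radios
    return dict(groups)

# Alerts copied as-is from the post above.
SAMPLE = [
    "Message: IDS 'Deauth flood' Signature attack detected on AP protocol '802.11b/g' on Controller '1. The Signature description is 'Deauthentication flood', with precedence '9'. The attacker's mac address is '50:0f:80:80:15:a0', channel number is '6', and the number of detections is '300'.",
    "Message: IDS 'Deauth flood' Signature attack detected on AP protocol '802.11b/g' on Controller The Signature description is 'Deauthentication flood', with precedence '9'. The channel number is '6', the number of detections is '500', and one of potentially several attackers' mac addresses is '50:0f:80:80:15:a0'.",
    "Message: IDS 'NULL probe resp 1' Signature attack detected on AP protocol '802.11b/g' on Controller '10.147.95.116'. The Signature description is 'NULL Probe Response - Zero length SSID element', with precedence '2'. The attacker's mac address is '04:32:f4:15:9a:d0', channel number is '1', and the number of detections is '1'.",
    "Message: IDS 'Auth flood' Signature attack cleared on AP protocol '802.11b/g' on Controller '10.156.255.116'. The Signature description is 'Authentication Request flood'.",
]

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, g)
```

A source MAC that matches your own AP inventory points toward the false-positive explanation; one that does not needs a closer look at that client or neighbouring device.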

1 Reply 1

patoberli
VIP Alumni
Could be a faulty driver on the client, or a bug on the WLC.