06-16-2009 09:38 AM - edited 07-03-2021 05:43 PM
I was wondering if anybody knows how to prevent these messages and also what they mean:
- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.
- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'
06-22-2009 05:33 PM
These IDS signatures ship with the controller as "standard IDS signatures". You can modify all these signature parameters, as described in the Controller IDS Parameters section here:
https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para
The flood is generated by an AP MAC belonging to ML02. It is the IDS triggering incorrectly, or something else; a wireless sniffer trace will prove it 100%.
If you use MFP instead of AP auth, then you can know if this was sent by a spoofing tool or by an AP. (MFP may generate issues with old Intel clients.)
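As a follow-up to the sniffer trace suggested in the reply above, here is an added example (not part of the thread, and not Cisco's signature logic) that scans captured 802.11 management frames for the two conditions named in the alerts: a probe response with a zero-length SSID element, and a burst of authentication requests from one source MAC. The function names, the flood threshold and window, and the sample frames are assumptions constructed for illustration.

```python
from collections import Counter

MGMT_HDR_LEN = 24      # frame control, duration, three addresses, sequence control
PROBE_RESP_FIXED = 12  # timestamp (8) + beacon interval (2) + capability (2)
SUBTYPE_PROBE_RESP, SUBTYPE_AUTH = 5, 11

def parse_mgmt(frame):
    """Return (subtype, source MAC, body) for a management frame, else None."""
    if len(frame) < MGMT_HDR_LEN or (frame[0] >> 2) & 0x3 != 0:  # type 0 = management
        return None
    return frame[0] >> 4, frame[10:16].hex(":"), frame[MGMT_HDR_LEN:]

def has_null_ssid(body):
    """True if the first SSID element (ID 0) in a probe response has length 0."""
    pos = PROBE_RESP_FIXED
    while pos + 2 <= len(body):
        elem_id, elem_len = body[pos], body[pos + 1]
        if elem_id == 0:
            return elem_len == 0
        pos += 2 + elem_len
    return False

def analyze(capture, auth_limit=3, window=1.0):
    """capture: (seconds, raw 802.11 frame) pairs; auth_limit/window are assumed values."""
    null_sources, auth_counts = set(), Counter()
    for ts, frame in capture:
        parsed = parse_mgmt(frame)
        if parsed is None:
            continue
        subtype, src, body = parsed
        if subtype == SUBTYPE_PROBE_RESP and has_null_ssid(body):
            null_sources.add(src)
        elif subtype == SUBTYPE_AUTH and body[2:4] == b"\x01\x00":  # transaction seq 1 = request
            auth_counts[(src, int(ts // window))] += 1
    floods = {src for (src, _), n in auth_counts.items() if n > auth_limit}
    return null_sources, floods

# Constructed sample frames (locally administered MACs, not taken from the thread).
def mgmt(subtype, src, body):
    return bytes([subtype << 4, 0, 0, 0]) + b"\xff" * 6 + src + src + b"\x00\x00" + body

AP_A, AP_B, STA = (bytes.fromhex("02000000000" + d) for d in "123")
FIXED, AUTH_BODY = bytes(PROBE_RESP_FIXED), bytes([0, 0, 1, 0, 0, 0])
SAMPLE = [(0.0, mgmt(5, AP_A, FIXED + b"\x00\x04test\x01\x01\x82")),
          (0.1, mgmt(5, AP_B, FIXED + b"\x00\x00\x01\x01\x82")),
          (5.0, mgmt(11, AP_A, AUTH_BODY))]
SAMPLE += [(2.0 + i / 10, mgmt(11, STA, AUTH_BODY)) for i in range(5)]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The frames are expected without a radiotap header or FCS; a source MAC that matches one of your own APs in the output points to either a spoofed address or a false trigger, which is the distinction the reply says MFP can make.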
06-23-2009 04:30 AM
Have you seen this one before? Everything looks fine, but this just doesn't go away:
Radius server 192.168.100.219'(port 1813) is deactivated.
Thank you
Vic