Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1304
Views
0
Helpful
2
Replies

WCS Alarms

Victor Fabian
Level 1
Level 1

‎06-16-2009 09:38 AM - edited ‎07-03-2021 05:43 PM

I was wondering if anybody knows how to prevent these messages and also what it means :

- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.

- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'

Labels:
0 Helpful
2 Replies 2

smahbub
Level 6
Level 6

‎06-22-2009 05:33 PM

These IDS signatures ship with the controller as “standard IDS signatures”. You can modify all these signature parameters, as the Controller IDS Parameters section here

https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para

Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.

If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)

0 Helpful

Victor Fabian
Level 1
Level 1
In response to smahbub

‎06-23-2009 04:30 AM

Have you seen this one before , everything looks fine but this just doesn't go away:

Radius server 192.168.100.219'(port 1813) is deactivated.

Thank you

Vic

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card