06-16-2009 09:38 AM - edited 07-03-2021 05:43 PM
I was wondering if anybody knows how to prevent these messages and also what it means :
- IDS 'Auth flood' Signature attack cleared on AP 'PF2_AP6' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'Authentication Request flood'.
- IDS 'NULL probe resp 1' Signature attack cleared on AP 'N6_AP9' protocol '802.11b/g' on Controller '192.168.2.10'. The Signature description is 'NULL Probe Response - Zero length SSID element'
06-22-2009 05:33 PM
These IDS signatures ship with the controller as âstandard IDS signaturesâ. You can modify all these signature parameters, as the Controller IDS Parameters section here
https://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a008063e5d0.shtml#para
Flood is generated by AP mac belonging to ML02. It is IDS triggering incorrectly, or something else, a wireless sniffer trace will prove 100%.
If you use MFP, instead of ap auth, then you can know if this was sent by spoofing tool, or by AP. (MFP may generate issues with old Intel clients)
06-23-2009 04:30 AM
Have you seen this one before , everything looks fine but this just doesn't go away:
Radius server 192.168.100.219'(port 1813) is deactivated.
Thank you
Vic
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide