02-17-2014 08:36 AM - edited 07-05-2021 12:12 AM
I would like to know what actions can take a Wireless Lan Controller when one of the register Access Points receives an Authentication, Deauthentication or a Disassociation Flood Attack.
Also i would like to know what can be the best practices to mitigate these attacks.
Thanks a lot.
02-26-2014 01:43 AM
Refer you to Rogue Management, Attack Detection and Threat Mitigation document.
03-07-2015 03:47 AM
The most important thing is to locate the attacker and isolate it.
The attack can be intentional (by an attacker) or unintentional (by problematic WLAN driver or by neighbor rogue WLAN system).
By finding the attack source you decide what will you do:
- if problematic driver fix it or otherwise isolate it.
- if neighbor rogue WLANs contact their admin and ask them to add your WLAN as friendly one.
- if an attacker you decide what you will do. You may call 911
To help locating the attack sources, Cisco provides Mobility Service Engine (MSE):
http://www.cisco.com/c/en/us/products/wireless/mobility-services-engine/index.html
Hope this is useful.
Amjad
Rating useful replies is more useful than saying "Thank you"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide