Weak wep key used by client, Disallowed devices or ssids, Displaying statistics counters – 3Com WX4400 3CRWX440095A User Manual

IDS and DoS Alerts

587

Weak WEP Key Used

by Client

A weak initialization vector (IV) makes a WEP key easier to hack. MSS
alerts you regarding clients who are using weak WEP IVs so that you can
strengthen the encryption on these clients or replace the clients.

Disallowed Devices or

SSIDs

You can configure the following types of lists to explicitly allow specific
devices or SSIDs:

„

Permitted SSID list—MSS generates a message if an SSID that is not on
the list is detected.

„

Permitted vendor list—MSS generates a message if an AP or wireless
client with an OUI that is not on the list is detected.

„

Client black list—MSS prevents clients on the list from accessing the
network through a WX switch. If the client is placed on the black list
dynamically by MSS due to an association, reassociation or
disassociation flood, MSS generates a log message.

By default, these lists are empty and all SSIDs, vendors, and clients are
allowed. For more information, see “Summary of Rogue Detection
Features” on page 573.

Displaying Statistics

Counters

To display IDS and DoS statistics counters, use the display rfdetect
counters commands. (See “Displaying Statistics Counters” on
page 587.)

IDS Log Message

Examples

Table 49 shows examples of the log messages generated by IDS.

Table 49 IDS and DoS Log Messages

Message Type

Example Log Message

Probe message flood

Client aa:bb:cc:dd:ee:ff is sending probe message flood.

Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.

Authentication
message flood

Client aa:bb:cc:dd:ee:ff is sending authentication message
flood.

Seen by AP on port 2, radio 1 on channel 11 with RSSI
-53.

Null data message
flood

Client aa:bb:cc:dd:ee:ff is sending null data message
flood.

Seen by AP on port 2, radio 1 on channel 11 with
RSSI -53.