Functionalities supported, Wids attack detection, Flood attack detection – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

469

Figure 501 Taking countermeasures against rogue devices

Functionalities supported

The rogue detection feature supports the following functionalities:

•

RF monitoring in different channels

•

Rogue AP detection

•

Rogue client detection

•

Ad hoc network detection

•

Wireless bridge detection

•

Countermeasures against rogue devices, clients and ad hoc networks

WIDS attack detection

The WIDS attack detection function detects intrusions or attacks on a WLAN network, and informs the

network administrator of the attacks through recording information or sending logs. WIDS detection
supports detection of the following attacks:

•

Flood attack

•

Spoofing attack

•

Weak IV attack

Flood attack detection

A flood attack refers to the case where WLAN devices receive large volumes of frames of the same kind

within a short span of time. When this occurs, the WLAN devices get overwhelmed and are unable to

service normal clients.
WIDS attacks detection counters flood attacks by constantly keeping track of the density of traffic
generated by each device. When the traffic density of a device exceeds the limit, the device is

considered flooding the network and, if the dynamic blacklist feature is enabled, will be added to the

blacklist and forbidden to access the WLAN for a period of time.
WIDS inspects the following types of frames:

•

Authentication requests and de-authentication requests