Reference Guide
Parameter Description Range Default
the incorrect channel
detect-hotspotter
Enable/disable detection of the Hotspotter attack
to lure away valid clients.
— disable
hotspotter-quiet-time
Time to wait in seconds after detecting an
attempt to Use the Hotspotter tool against
clients.
60-360000
seconds
900
seconds
no
Negates any configured parameter. — —
protect-ap-impersonation
When AP impersonation is detected, both the
legitimate and impersonating AP are disabled
using a denial of service attack.
— false
Usage Guidelines
A successful man-in-the-middle attack will insert an attacker into the data path between the client and the AP. In
such a position, the attacker can delete, add, or modify data, provided he has access to the encryption keys. Such an
attack also enables other attacks that can learn a client’s authentication credentials. Man-in-the-middle attacks often
rely on a number of different vulnerabilities.
Example
The following command enables detections in the impersonation profile:
(host) (config) #ids impersonation-profile floor1
(host) (IDS Impersonation Profile "floor1") #detect-beacon-wrong-channel
(host) (IDS Impersonation Profile "floor1") #detect-ap-impersonation
Command History
Version Modification
ArubaOS 3.0 Command Introduced
ArubaOS 3.4 detect-sequence-anomaly, sequence-diff, sequence-quiet-time, sequence-time-tolerance parameters
deprecated.
ArubaOS 6.0 Deprecated predefined profiles and added numerous Impersonation profile options
Deprecated Predefined Profiles
IDS Impersonation profile:
l ids-impersonation-disabled
l ids-impersonation-high-setting
Command Information
Platform License Command Mode
Available on all platforms Requires the RFprotect license Config mode on master controllers
Dell PowerConnect W-Series ArubaOS 6.2 | Reference Guide ids impersonation-profile | 293