Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-Airwave

Dell PowerConnect W-AirWave 7.4 | Configuration Guide Configuration Reference | 89

3. Select Add or Save. The added or edited Denial of Service profile appears on the IDS > Denial of Service

profiles page.

Profiles > IDS > Denial of Service > Rate Threshold

The IDS rate threshold profile defines thresholds assigned to the different frame types for rate anomaly checking.

A profile of this type is attached to each of the following 802.11 frame types in the IDS Denial of Service profile:

Detect AP Flood Attack No Enables or disables the detection of flooding with fake AP beacons to confuse

legitimate users and to increase the amount of processing need on client operating

systems.

AP Flood Threshold 50 Sets the number of Fake AP beacons that must be received within the Flood Increase

Time to trigger an alarm.

AP Flood Increase Time 3 Sets the time, in seconds, during which a configured number of Fake AP beacons must

be received to trigger an alarm.

AP Flood Detection

Quiet Time

900 After an alarm has been triggered by a Fake AP flood, the time (in seconds) that must

elapse before an identical alarm may be triggered.

Detect Client Flood

Attack

No Enable/disable detection of client flood attack. There are fake AP tools that can be used

to attack wireless intrusion detection itself by generating a large

number of fake clients that fill internal tables with fake information. If successful, it

overwhelms the wireless intrusion system, resulting in a DoS. Requires a Wireless

Intrusion Protection license or an RFprotect license and a minimum version of 6.0.0.0.

Client Flood Threshold 150 Threshold for the number of spurious clients in the system. Requires a Wireless

Intrusion Protection license or an RFprotect license and a minimum version of 6.0.0.0

Client Flood Increase

Time

3 Number of consecutive seconds over which the client count is more than the threshold.

Requires a Wireless Intrusion Protection license or an RFprotect license and a minimum

version of 6.0.0.0

Client Flood Detection

Quiet Time

900 Time to wait, in seconds, after detecting a client flood before continuing the check.

Requires a Wireless Intrusion Protection license or an RFprotect license and a minimum

version of 6.0.0.0

Detect EAP Rate

Anomaly

No Enables or disables Extensible Authentication Protocol (EAP) handshake analysis to

detect an abnormal number of authentication procedures on a channel and generates

an alarm when this condition is detected.

EAP Rate Thresholds 60 Sets the number of EAP handshakes that must be received within the EAP Rate Time

Interval to trigger an alarm.

EAP Rate Time Interval 3 Sets the time, in seconds, during which the configured number of EAP handshakes must

be received to trigger an alarm.

EAP Rate Quiet Time 900 After an alarm has been triggered, sets the time (in seconds) that must elapse before

another identical alarm may be triggered.

Detect Rate Anomalies No Enables or disables detection of rate anomalies.

Detect 802.11n 40MHz

Intolerance Setting

Yes Enables or disables detection of 802.11n 40 MHz intolerance setting, which controls

whether stations and APs advertising 40 MHz intolerance will be reported.

Client 40 MHz

Intolerance Detection

Quiet Time

900 Controls the quiet time (when to stop reporting intolerant STAs if they have not been

detected), in seconds, for detection of 802.11n 40 MHz intolerance setting.

Table 37 Profiles > IDS > Denial of Service Profile Settings (Continued)

Field Default Description