MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

191

192

193

194

195

196

197

198

199

200

• Deauthentication broadcast attack in progress

• Authentication flood attack in progress

• EAPOL Logoff flood attack in progress

• EAPOL Start flood attack in progress

• Premature EAP Success attack in progress

• Premature EAP Failure attack in progress

• Beacon packet with large Contention Free Period (CFP) duration detected

• PS-Poll attack in progress

IDS modes

Three modes of operation are available:

• AP mode: In this mode, besides offering client services, background scanning is performed

on the operating channel (0.5% of the time by default). Although limited in scope compared

to a full spectrum scan, threat detection time for many threats (DoS threats in particular) is

short because the AP is monitoring the active channel. To configure a radio to operate in this

mode, make the following settings on the Radio configuration page:

◦ Set Wireless mode to Access Point.

◦ Under Neighborhood scanning, set Scan ratio to a low value (0.5% is the default).

• Dedicated IDS mode: In this mode, no client services are offered and radio is dedicated for

IDS capabilities. By default, active scanning takes place on both the 2.4 GHz and 5 GHz

bands (it can be limited to a single band if required). To configure a radio to operate in this

mode, make the following setting on the Radio configuration page:

◦ Set Wireless mode to Monitor.

• Hybrid mode: In this mode, significant time time-slicing takes place so client services and IDS

capabilities can be offered simultaneously. Scanning of non-operating channels takes place

within the allocated time-slice. To configure a radio to operate in this mode, make the following

settings on the Radio configuration page:

◦ Set Wireless mode to Access Point.

◦ Under Neighborhood scanning, set Scan ratio to a value that provides the rogue detection

time you need with the smallest possible effect on performance. A good starting point

would be a ratio between 5% and 10%, and then increase if needed.

In hybrid mode, the radio transmits a CTS-to-self frame just before it goes off-channel. This

frame is an indication to client devices that they should not send frames to the radio. This

reduces (somewhat) the impact of the radio being non-responsive during the off-channel

dwell-time.

Voice traffic is particularly sensitive to an unresponsive radio, so in hybrid mode, the off-channel

scanning is disabled completely while voice traffic is active on the radio.

IDS determines whether voice traffic is active by monitoring the QoS queues used for the voice

access category (AC_VO).

198 Intrusion detection system (IDS)