Specifications

ADVANCED-WIPS-POLICY 10 - 5
fake-dhcp-server-detected This event occurs when a fake DHCP server is detected in the controlled network
A fake or rogue DHCP server is a type of man-in-the-middle attack in which DHCP services
are provided by an unauthorized DHCP server, compromising the integrity of the wireless
controller managed network.
fata-jack-detected This event occurs when a FATA-jack exploit is detected in the wireless controller
managed network
FATA-jack is a tool in the AirJack suite that forces an AP to disassociate a valid client.
This exploit uses a spoofed authentication frame with an invalid authentication
algorithm number of 2. The attacker sends an invalid authentication frame with the
wireless client’s MAC, forcing the AP to return a deauth to the client.
id-theft-eapol-success-spoof-detected This event occurs when an EAPOL success spoof is detected
In this DoS attack, the attacker keeps the client from providing its credentials through
the EAP-response packet by sending an EAP-success packet. Since the client is unable to
provide its credentials, it cannot be authenticated and therefore cannot access the
wireless network.
id-theft-out-of-sequence This event occurs when an out of sequence packet is received
This indicates a wireless client has been spoofed and is sending a packet out of
sequence with the packet sent by the real wireless client.
ipx-detection This event occurs when Novell’s Internetwork Packet Exchange (IPX) packets are
detected
monkey-jack-attack-detected This event occurs when a monkey-jack attack is detected
Monkey-jack is a tool in the AirJack suite that enables an attacker to deauthenticate all
wireless clients from an AP, and then insert itself between the AP and the wireless
clients.
multicast-all-routers-on-subnet This event occurs when a sanctioned device detects multicast packets to all routers on
the subnet
multicast-all-systems-on-subnet This event occurs when a sanctioned device detects multicast packets to all systems on
the subnet
multicast-dhcp-server-relay-agent This event occurs when a sanctioned device detects a DHCP server relay agent in the
network
multicast-hsrp-agent This event occurs when a sanctioned device detects a Hot Standby Router Protocol
(HSRP) agent in the network
multicast-igmp-detection This event occurs when a sanctioned device detects multicast Internet Group
Management Protocol (IGMP) packets
multicast-igrp-routers-detection This event occurs when a sanctioned device detects multicast Interior Gateway Routing
Protocol (IGRP) packets
multicast-ospf-all-routers-detection This event occurs when a sanctioned device detects multicast Open Shortest Path First
(OSPF) packets
multicast-ospf-designated-routers-detection This event occurs when a sanctioned device detects multicast OSPF routers in the
network
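
An added example (not part of the original guide and not the product's own code) of the check described under fata-jack-detected above: it parses raw 802.11 authentication frames and flags algorithm number 2 sent under the MAC of an already associated client. The frame layout without a radiotap header, the sample frames and all function names are assumptions; on networks that use 802.11r fast transition, algorithm number 2 is legitimate and this check would need an exclusion.

```python
import struct

AUTH_FC0 = 0xB0        # frame-control byte 0: version 0, type 0 (management), subtype 11 (authentication)
SUSPECT_ALGORITHM = 2  # the algorithm number the fata-jack-detected entry calls invalid

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_auth(frame):
    """Return (src, bssid, algorithm, seq, status) for an authentication frame, else None."""
    if len(frame) < 30 or frame[0] != AUTH_FC0:
        return None
    src, bssid = frame[10:16], frame[16:22]          # addr2 = sender, addr3 = BSSID
    algorithm, seq, status = struct.unpack_from("<HHH", frame, 24)  # fixed auth fields, little-endian
    return mac(src), mac(bssid), algorithm, seq, status

def detect_fata_jack(frames, associated_clients):
    """Flag auth frames with algorithm 2 that claim to come from an associated client."""
    alerts = []
    for frame in frames:
        parsed = parse_auth(frame)
        if parsed is None:
            continue                                  # not an authentication frame
        src, bssid, algorithm, _seq, _status = parsed
        if algorithm == SUSPECT_ALGORITHM and src in associated_clients:
            alerts.append({"event": "fata-jack-detected", "ap": bssid, "spoofed_client": src})
    return alerts

# Constructed sample frames (locally administered MACs, no radiotap header, no FCS);
# they are not taken from a real capture.
AP = "02:00:00:00:00:01"
CLIENT = "02:00:00:00:00:aa"
SAMPLE = [
    # open-system authentication (algorithm 0) from a new station ...:bb
    bytes.fromhex("b0000000 020000000001 0200000000bb 020000000001 0000 0000 0100 0000"),
    # algorithm 2 under the MAC of the associated client ...:aa
    bytes.fromhex("b0000000 020000000001 0200000000aa 020000000001 0000 0200 0100 0000"),
    # beacon-type frame (subtype 8), ignored by the parser
    b"\x80\x00" + bytes(28),
]

if __name__ == "__main__":
    for alert in detect_fata_jack(SAMPLE, {CLIENT}):
        print(alert)
```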