Thursday, February 2, 2017

WIPS Countermeasures

Three types of countermeasures (Deauthentication, Blacklisting, Rate limiting) are supported on Extreme Wireless WIPS (Identifi WIPS).


Deauthentication
Prevents authorized stations from associating to the AP, or prevents any station from associating to the AP.


[ De-authentication packet from WIPS ]
The WIPS uses the BSSID of the rogue AP, as shown below. In the example below, Enterasys:a8:c5:38 is not the BSSID of the WIPS system but the BSSID of the rogue AP.



[ Frame header of De-authentication ]
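
When reviewing a capture, the address fields of the de-authentication header can be read with a short parser like the one below. This is an added example, not part of the original post or of Extreme's software; the MAC addresses, reason code and function names are constructed for illustration, and the frame is assumed to have its radiotap header and FCS already stripped.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame: bytes) -> dict:
    """Parse the 802.11 header of a de-authentication frame."""
    if len(frame) < 24:
        raise ValueError("shorter than an 802.11 management header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    # Frame Control: bits 0-1 version, bits 2-3 type, bits 4-7 subtype.
    if fc & 0x3 != 0 or (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 12:
        raise ValueError("not a de-authentication frame (type 0, subtype 12)")
    protected = bool(fc & 0x4000)  # Protected bit: body encrypted (802.11w)
    reason = None                  # reason code is unreadable when protected
    if not protected:
        if len(frame) < 26:
            raise ValueError("missing reason code")
        (reason,) = struct.unpack_from("<H", frame, 24)
    return {
        "dst": mac(frame[4:10]),     # Address 1: receiver
        "src": mac(frame[10:16]),    # Address 2: transmitter claimed in the header
        "bssid": mac(frame[16:22]),  # Address 3: BSSID
        "protected": protected,
        "reason": reason,
    }

def claims_rogue_bssid(info: dict, rogue_bssids: set) -> bool:
    """True when the header names a known rogue AP as transmitter and BSSID.
    Per the text above, such a frame may come from the WIPS rather than
    from the rogue AP itself."""
    return info["bssid"] in rogue_bssids and info["src"] == info["bssid"]

# Constructed sample bytes (all addresses made up): frame control 0x00c0,
# duration 0, station address, rogue BSSID twice, sequence 0, reason code 7.
STATION = bytes.fromhex("020000112233")
ROGUE = bytes.fromhex("020000a8c538")
SAMPLE = (bytes.fromhex("c0000000") + STATION + ROGUE + ROGUE
          + bytes.fromhex("0000") + struct.pack("<H", 7))

if __name__ == "__main__":
    info = parse_deauth(SAMPLE)
    print(info)
    print("names rogue BSSID:", claims_rogue_bssid(info, {mac(ROGUE)}))
```

Because the header carries the rogue AP's BSSID in both cases, the address fields alone do not tell a WIPS countermeasure frame apart from a de-authentication sent by the rogue AP.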


Blacklisting
A station performing a specific attack will be removed from the network for a certain duration, configured on the Prevention tab.


[ configure Blacklisting on Prevention Tab ]

Rate limiting
Once the amount of traffic reaches the DoS attack threshold, the AP can drop that particular type of frame.


[ configure ratelimit on Prevention tab ]


