3com WXR100 3CRWXR10095A User Manual

A weak initialization vector (IV) makes a WEP key easier to hack. MSS 
alerts you regarding clients who are using weak WEP IVs so that you can 
strengthen the encryption on these clients or replace the clients.

You can configure the following types of lists to explicitly allow specific 
devices or SSIDs:

„

Permitted SSID list—MSS generates a message if an SSID that is not on 
the list is detected.

„

Permitted vendor list—MSS generates a message if an AP or wireless 
client with an OUI that is not on the list is detected.

„

Client black list—MSS prevents clients on the list from accessing the 
network through a WX switch. If the client is placed on the black list 
dynamically by MSS due to an association, reassociation or 
disassociation flood, MSS generates a log message.

By default, these lists are empty and all SSIDs, vendors, and clients are 
allowed. For more information, see “Summary of Rogue Detection 
Features” on page 573.

To display IDS and DoS statistics counters, use the display rfdetect 
counters commands. (See “Displaying Statistics Counters” on 
page 587.)

Table 49 shows examples of the log messages generated by IDS. 

Table 49   IDS and DoS Log Messages

Probe message flood

Client aa:bb:cc:dd:ee:ff is sending probe message flood. 

Seen by AP on port 2, radio 1 on channel 11 with RSSI 
-53.

Authentication 
message flood

Client aa:bb:cc:dd:ee:ff is sending authentication message 
flood. 

Seen by AP on port 2, radio 1 on channel 11 with RSSI 
-53.

Null data message 
flood

Client aa:bb:cc:dd:ee:ff is sending null data message 
flood. 

Seen by AP on port 2, radio 1 on channel 11 with 
RSSI -53.