Cisco 5520 Wireless Controller Design Guide

Chapter 1      Cisco Adaptive wIPS Management Deployment Guide, Release 8.0
  Adaptive WIPS Management Best Practices
Administrators can refer to the table for general guidance on monitoring and tuning as follows:
1. Identify a subgroup of critical alarms for your organization to monitor after an internal review with the InfoSec and security incident monitoring teams, and align the corresponding mitigation plans.
2. Focus on alarms that combine high severity (above Major) and high fidelity (above High), such as the Honeypot AP detected signature. Administrators must collect packet traces for further validation if necessary and prepare to initiate mitigation efforts on these alarms.
| Alarm Name | Alarm ID | Fidelity | Alarm Severity |
|---|---|---|---|
| DoS: CTS flood | 95 | Low | Critical |
| DoS: De-Auth broadcast flood | 58 | Medium | Critical |
| DoS: De-Auth flood | 59 | Medium | Critical |
| DoS: Dis-Assoc broadcast flood | 60 | Medium | Critical |
| DoS: Dis-Assoc flood | 61 | Medium | Critical |
| DoS: EAPOL-Logoff attack | 53 | High | Critical |
| DoS: EAPOL-Start attack | 54 | Medium | Critical |
| DoS: FATA-Jack tool | 121 | Very high | Critical |
| DoS: MDK3-Destruction attack (ID:196) | 196 | Very high | Critical |
| DoS: Premature EAP-Failure | 57 | High | Critical |
| DoS: Premature EAP-Success | 56 | High | Critical |
| DoS: Probe request flood | 187 | Low | Warning |
| DoS: PS-Poll flood | 108 | Medium | Critical |
| DoS: RTS flood | 157 | Low | Critical |
| DoS: Virtual Carrier attack | 112 | High | Critical |
| EAP attack against 802.1x authentication | 117 | High | Major |
| Fake APs detected | 89 | Medium | Major |
| Honeypot AP detected | 118 | Very high | Major |
| Hotspotter tool detected | 124 | High | Major |
| Identical send and receive address | 178 | High | Warning |
| Improper broadcast frames | 179 | High | Warning |
| Karma tool detected (ID:197) | 197 | High | Major |
| Karmetasploit Attack detected (ID:214) | 214 | High | Major |
| Probe Request Fuzzed Frame Detected (ID:219) | 219 | Medium | Major |
| Probe Response Fuzzed Frame Detected (ID:220) | 220 | Medium | Major |
| Soft AP or host AP detected | 99 | Medium | Major |
| Spoofed MAC address detected | 35 | High | Major |
| WEP IV key reused | 2 | High | Major |
| WiFiTap tool detected (ID:198) | 198 | High | Major |
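The triage rule from step 2, applied to a batch of alarm events, as an added example that is not part of the Cisco guide. The event tuples and AP names are constructed, and the function name `triage` is hypothetical. It assumes "above Major" and "above High" mean "at or above", because the cited Honeypot AP alarm has Major severity; both thresholds are parameters.

```python
from collections import defaultdict

# Ordinal scales taken from the table's Fidelity and Alarm Severity columns.
FIDELITY = {"Low": 0, "Medium": 1, "High": 2, "Very high": 3}
SEVERITY = {"Warning": 0, "Major": 1, "Critical": 2}

# Subset of the table on this page: alarm ID -> (name, fidelity, severity).
ALARMS = {
    95: ("DoS: CTS flood", "Low", "Critical"),
    59: ("DoS: De-Auth flood", "Medium", "Critical"),
    53: ("DoS: EAPOL-Logoff attack", "High", "Critical"),
    121: ("DoS: FATA-Jack tool", "Very high", "Critical"),
    187: ("DoS: Probe request flood", "Low", "Warning"),
    118: ("Honeypot AP detected", "Very high", "Major"),
    178: ("Identical send and receive address", "High", "Warning"),
    35: ("Spoofed MAC address detected", "High", "Major"),
}

# Constructed sample events (alarm ID, reporting AP); not real controller output.
EVENTS = [
    (118, "ap-lobby"), (95, "ap-lobby"), (187, "ap-floor2"), (118, "ap-floor2"),
    (53, "ap-floor2"), (178, "ap-lobby"), (59, "ap-lab"), (999, "ap-lab"),
]

def triage(events, min_severity="Major", min_fidelity="High"):
    """Return (escalate, review, unknown); rows are (name, id, count, APs)."""
    aps = defaultdict(list)
    for alarm_id, ap in events:
        aps[alarm_id].append(ap)
    escalate, review, unknown = [], [], []
    for alarm_id, seen in aps.items():
        if alarm_id not in ALARMS:
            unknown.append(alarm_id)  # ID missing from the table: surface it, never drop it
            continue
        name, fid, sev = ALARMS[alarm_id]
        row = (name, alarm_id, len(seen), sorted(set(seen)))  # APs = where to capture traces
        hit = (SEVERITY[sev] >= SEVERITY[min_severity]
               and FIDELITY[fid] >= FIDELITY[min_fidelity])
        (escalate if hit else review).append(row)

    def rank(row):  # highest severity first, then fidelity, then event count
        _, fid, sev = ALARMS[row[1]]
        return (-SEVERITY[sev], -FIDELITY[fid], -row[2])

    return sorted(escalate, key=rank), sorted(review, key=rank), unknown
```

Alarms that land in `review` are the low-fidelity or low-severity ones; they are kept for tuning rather than discarded.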