Nortel 2350 User Guide
Rogue detection and counter measures
Nortel WLAN—Security Switch 2300 Series Configuration Guide
IDS log message examples
Table 2 shows examples of the log messages generated by IDS.
Table 2. IDS and DoS log messages

| Message Type | Example Log Message |
|---|---|
| Probe message flood | Client aa:bb:cc:dd:ee:ff is sending probe message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Authentication message flood | Client aa:bb:cc:dd:ee:ff is sending authentication message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Null data message flood | Client aa:bb:cc:dd:ee:ff is sending null data message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Management frame 6 flood | Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 6 message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Management frame 7 flood | Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 7 message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Management frame D flood | Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame D message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Management frame E flood | Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame E message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Management frame F flood | Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame F message flood. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Associate request flood | Client aa:bb:cc:dd:ee:ff is sending associate request flood on port 2 |
| Reassociate request flood | Client aa:bb:cc:dd:ee:ff is sending re-associate request flood on port 2 |
| Disassociate request flood | Client aa:bb:cc:dd:ee:ff is sending disassociate request flood on port 2 |
| Weak WEP initialization vector (IV) | Client aa:bb:cc:dd:ee:ff is using weak wep initialization vector. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Decrypt errors | Client aa:bb:cc:dd:ee:ff is sending packets with decrypt errors. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Spoofed deauthentication frames | Deauthentication frame from AP aa:bb:cc:dd:ee:ff is being spoofed. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Spoofed disassociation frames | Disassociation frame from AP aa:bb:cc:dd:ee:ff is being spoofed. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Null probe responses | AP aa:bb:cc:dd:ee:ff is sending null probe responses. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
| Broadcast deauthentications | AP aa:bb:cc:dd:ee:ff is sending broadcast deauthentications. Seen by AP on port 2, radio 1 on channel 11 with RSSI -53. |
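The following parser is an added example, not part of the Nortel guide: it turns the message wordings in the table above into structured fields (source MAC, role, observing port, radio, channel, RSSI) suitable for forwarding to a log pipeline. The event labels such as `flood` and `spoofed_frame` are hypothetical names chosen here, and the code assumes the message body appears exactly as in the table, ignoring any syslog prefix in front of it.

```python
import re

MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# (event, regex) pairs built from the message wording in the table above.
PATTERNS = [
    ("flood", rf"(?P<role>Client) {MAC} is sending (?P<detail>.+?) flood\b"),
    ("weak_wep_iv", rf"(?P<role>Client) {MAC} is using weak wep initialization vector"),
    ("decrypt_errors", rf"(?P<role>Client) {MAC} is sending packets with decrypt errors"),
    ("spoofed_frame", rf"(?P<detail>Deauthentication|Disassociation) frame from "
                      rf"(?P<role>AP) {MAC} is being spoofed"),
    ("null_probe_response", rf"(?P<role>AP) {MAC} is sending null probe responses"),
    ("broadcast_deauth", rf"(?P<role>AP) {MAC} is sending broadcast deauthentications"),
]
PATTERNS = [(name, re.compile(rx, re.I)) for name, rx in PATTERNS]
# Where the event was observed: the full form, or the short "flood on port N"
# form used by the associate / re-associate / disassociate flood messages.
SEEN = re.compile(r"Seen by AP on port (?P<port>\d+), radio (?P<radio>\d+) "
                  r"on channel (?P<channel>\d+) with RSSI (?P<rssi>-?\d+)")
SHORT_PORT = re.compile(r"flood on port (?P<port>\d+)")

def parse_ids_message(text):
    """Parse one IDS message (possibly wrapped over two lines) into a dict.

    Returns None for text that matches none of the documented messages."""
    text = " ".join(text.split())  # rejoin wrapped lines
    for event, rx in PATTERNS:
        m = rx.search(text)
        if m is None:
            continue
        detail = m.groupdict().get("detail")
        rec = {"event": event, "role": m["role"], "mac": m["mac"].lower(),
               "detail": detail.lower() if detail else None}
        loc = SEEN.search(text) or SHORT_PORT.search(text)
        if loc:
            rec.update({k: int(v) for k, v in loc.groupdict().items()})
        return rec
    return None

# Constructed sample input: messages copied from the table, plus one unrelated line.
SAMPLES = [
    "Client aa:bb:cc:dd:ee:ff is sending rsvd mgmt frame 6 message flood.\n"
    "Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.",
    "Client aa:bb:cc:dd:ee:ff is sending re-associate request flood on port 2",
    "Deauthentication frame from AP aa:bb:cc:dd:ee:ff is being spoofed.\n"
    "Seen by AP on port 2, radio 1 on channel 11 with RSSI -53.",
    "Interface state changed",  # constructed non-IDS line, expected to yield None
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_ids_message(s))
```

For the spoofed-frame messages the extracted MAC is the AP being impersonated, not the sender, so it should not be fed into a client blocklist.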