WLAN_1.3.6.1.4.1.2011.6.139.15.1.1.7 hwWlanWidsSpoofAttackDetectedTrap

Description

WLAN/4/WIDS_DETECT_SPOOF_ATTACK:OID [oid] Detected attack. (Monitor APMAC=[OPAQUE], Device Mac=[OPAQUE], Device channel=[INTEGER], Attack type=[INTEGER], Attack type string=[OCTET])

A spoofing attack was detected.

Attribute

Alarm ID Alarm Severity Alarm Type
1.3.6.1.4.1.2011.6.139.15.1.1.7 Warning environmentalAlarm(6)

Parameters

Name Meaning
OID Indicates the ID of the MIB object.

Monitor APMAC

 Indicates the MAC address of a monitoring AP.
Device Mac Indicates the MAC address of the attacking device.
Device channel Indicates the channel of the attacking device.
Attack type
Indicates the ID of attack type.
  • 12: Spoofed Deauthentication Frame
  • 13: Spoofed Disassociation Frame
  • 18: Other types of spoofing frames
Attack type string Indicates the name of attack type. For details, see attacks corresponding to the attack type IDs.

Impact on the System

None.

Possible Causes

A potential attacker pretended to be an authorized AP and broadcast Deauthentication and Disassociation packets.

Procedure

  1. No action is required. After the monitoring AP reports the alarm to an AC, the AC deletes the attack device.

Related Information

None.

Parent topic: WLAN
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.