Controller Based WLANs

What type of 802.11 infrastructure attacks can be detected with ArubaOS 6.0 with WIDS 2.0?

by on ‎07-05-2014 02:32 AM

Product and Software: This article applies to all Aruba controllers and ArubaOS 6.0 and later.



These types of 802.11 infrastructure attacks can be detected with ArubaOS 6.0 with WIDS 2.0.


Adhoc Using Valid SSID

  • A client in an adhoc network beacons a reserved valid SSID.
  • This attack is detected by comparing the SSID in the client's beacons with a user-configured list of valid or protected SSIDs.

Broadcast-Disassociation Detection

  • The attacker can disconnect all stations by sending disassociation frames to the broadcast address (FF:FF:FF:FF:FF:FF).
  • This attack is detected using a predefined signature.

CTS/RTS Flood Attack Detection

  • The attacker transmits numerous RTS/CTS frames to launch a DOS attack.
  • This attack is detected if the number of RTS/CTS frames crosses a user-defined threshold within a user-defined time period.

Fake Client Attack Detection

  • Fake AP tools are used to generate many fake clients that fill the user tables.
  • This attack is detected if the number of clients stays above a user-defined threshold for a user-defined time period.

Wellenreiter Detection

  • This tool is a passive wireless network discovery tool that is used to build AP lists.
  • The tool can use active probes for "default SSIDs".
  • This attack is detected using a predefined signature.
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.