Hello,
We had an issue with a customer with an iPad who was experiencing intermittent connectivity to the wifi network.
Looking at the goodput indicated that he had basically none. They were very low.
SNR was about 10. He was on CH 40, HT.
We did notice a block ack attack that was detected during the time he was experiencing his issues.
I need to know if this attack was the absolute cause of the issue as we only have 1 trap detected of this event for this user.
Would such a low SNR produce this type of IDS event? Or are they unrelated, and there truly was some source interference or attack that produced this event?
Please keep in mind that this is a corporate environment, downtown urban city, on the 5th floor of an office building.
Here are the details of the trap (MAC addresses were changed):
10/17/2012 12:16 PM
wlsxBlockAckAttackDetected
wlsxTrapAPMacAddress.0: D8:C7:C8:YY:XX:ZZ,
wlsxTrapReceiverMac.0: D8:C7:C8:YY:XX:ZZ,
wlsxTrapSnr.0: 10,
wlsxTrapAPLocation.0: correlated-DV-C-199B-05-AP01,
wlsxTrapAPChannel.0: 40,
wlsxTrapTargetAPBSSID.0: D8:C7:C8:YY:XX:ZZ,
wlsxTrapAPRadioNumber.0: 1,
wlsxTrapTime: 10/17/2012 12:37:49 UTC-4,
wlsxTrapSourceMac.0: DE:AD:BE:EF:CA:FE
How would I protect against it?