cancel
Showing results for 
Search instead for 
Did you mean: 

does anyone ever see this warning : "AP 80211 DOS mgmt flood" and how to resolve this?

nuno_pimentel
Contributor
does anyone ever see this warning : "AP 80211 DOS mgmt flood" and how to resolve this?
3 REPLIES 3

monnat_systems
Valued Contributor II
where you are seeing this message? is it standalone AP or ZD controller SCG/Vscg and which version?

nuno_pimentel
Contributor
in the alarmist of flexmaster, but it's from a ZD3000

saurabh_bhatnag
New Contributor II

Management frames can be manipulated to create various types of DoS attacks. Two common management frame attacks include:

/Spoofed disconnect attach: This occurs when an attacker sends a series of “disassociate” commands to all wireless clients within a BSS. These commands cause all clients to disconnect. When disconnected, the wireless clients immediately try to re-associate, which creates a burst of traffic. The attacker continues sending disassociate frames and the cycle repeats itself.

CTS flood: This occurs when an attacker takes advantage of the CSMA/CA contention method to monopolize the bandwidth and deny all other wireless clients access to the AP. To accomplish this, the attacker repeatedly floods the BSS with Clear to Send (CTS) frames to a bogus STA. All other wireless clients sharing the RF medium receive the CTS and withhold their transmissions until the attacker stops transmitting the CTS frames.

If you are notcing these alerts regularly, yo ucan consider enabling MFP (802.11w) on your controller / controller less deployment. Along with that, there will be predefine values (threshold) and config with respect to IDS.