This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
- Community
- RUCKUS Technologies
- RUCKUS Lennar Support
- Community Services
- RTF
- RTF Community
- Australia and New Zealand – English
- Brazil – Português
- China – 简体中文
- France – Français
- Germany – Deutsch
- Hong Kong – 繁體中文
- India – English
- Indonesia – bahasa Indonesia
- Italy – Italiano
- Japan – 日本語
- Korea – 한국어
- Latin America – Español (Latinoamérica)
- Middle East & Africa – English
- Netherlands – Nederlands
- Nordics – English
- North America – English
- Poland – polski
- Russia – Русский
- Singapore, Malaysia, and Philippines – English
- Spain – Español
- Taiwan – 繁體中文
- Thailand – ไทย
- Turkey – Türkçe
- United Kingdom – English
- EOL Products
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- RUCKUS Forums
- EOL Products
- ZD
- DoS Criteria and Clients not showing in "Blocked C...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
DoS Criteria and Clients not showing in "Blocked Clients" table.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2015 10:14 AM
Hi All,
We currently have our ZoneDirector set to "Protect my wireless network against excessive wireless requests" under the "Configure > WIPS" menu, which is catching a few clients out following a recently password change.
Does anyone know what ZoneDirector refers to as "excessive"? E.g.: How many failed attempts before the client is blocked, or time between attempts?
When a client gets blocked it isn't appearing under "Configure > Access Control > Blocked Clients". The table is blank, so we're having to wait until the block period has expired. Is there an option I need to enable to make the blocked clients appear in this table?
Also, is it possible to whitelist client MACs to ensure they never get blocked?
Model: ZD1125, Version 9.8.0.0 build 373.
Any help would be greatly appreciated.
Thanks,
Andy
We currently have our ZoneDirector set to "Protect my wireless network against excessive wireless requests" under the "Configure > WIPS" menu, which is catching a few clients out following a recently password change.
Does anyone know what ZoneDirector refers to as "excessive"? E.g.: How many failed attempts before the client is blocked, or time between attempts?
When a client gets blocked it isn't appearing under "Configure > Access Control > Blocked Clients". The table is blank, so we're having to wait until the block period has expired. Is there an option I need to enable to make the blocked clients appear in this table?
Also, is it possible to whitelist client MACs to ensure they never get blocked?
Model: ZD1125, Version 9.8.0.0 build 373.
Any help would be greatly appreciated.
Thanks,
Andy
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-13-2015 11:03 AM
Hi Andy,
If you weren't temporarily blocking repeated failure attempt clients, they would likely be classified as 'excessive'.
I found this blurb in the ZD 9.12 User guide (great reference doc) that explains why the temporarily blocked clients
don't appear as 'blocked'.
To configure the DoS protection options:
1 Go to Configure > WIPS.
2 In the Denial of Service (DoS) section, configure the following settings:
• Protect my wireless network against excessive wireless requests: If this
capability is activated, excessive 802.11 probe request frames and management
frames launched by malicious attackers will be discarded.
• Temporarily block wireless clients with repeated authentication failures
for [ ] seconds: If this capability is activated, any clients that repeatedly
fail in attempting authentication will be temporarily blocked for a period of
time (10~1200 seconds, default is 30). Clients temporarily blocked by the
Intrusion Prevention feature are not added to the Blocked Clients list on the
Configure > Access Control page, Blocked Clients section.
If you weren't temporarily blocking repeated failure attempt clients, they would likely be classified as 'excessive'.
I found this blurb in the ZD 9.12 User guide (great reference doc) that explains why the temporarily blocked clients
don't appear as 'blocked'.
To configure the DoS protection options:
1 Go to Configure > WIPS.
2 In the Denial of Service (DoS) section, configure the following settings:
• Protect my wireless network against excessive wireless requests: If this
capability is activated, excessive 802.11 probe request frames and management
frames launched by malicious attackers will be discarded.
• Temporarily block wireless clients with repeated authentication failures
for [ ] seconds: If this capability is activated, any clients that repeatedly
fail in attempting authentication will be temporarily blocked for a period of
time (10~1200 seconds, default is 30). Clients temporarily blocked by the
Intrusion Prevention feature are not added to the Blocked Clients list on the
Configure > Access Control page, Blocked Clients section.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2015 03:28 AM
Hi Michael,
Thanks for the information provided. If this is not possible I'm very surprised the option has been omitted, as it seems like it would be a simple feature to implement.
Telling a visiting company director they will need to wait half an hour to access the files and websites they need for an important board meeting can be rather embarrasing, especially when we explain we have limited control over our wireless security system.
Thanks for the information provided. If this is not possible I'm very surprised the option has been omitted, as it seems like it would be a simple feature to implement.
Telling a visiting company director they will need to wait half an hour to access the files and websites they need for an important board meeting can be rather embarrasing, especially when we explain we have limited control over our wireless security system.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2015 09:42 AM
Sorry Andy,
A 'whitelist' allows authenticated clients to reach a server/service not allowed to
the typical member of that WLAN. To insure clients can always access your WLAN,
you need to provide them with the PSK for your PSK WLANs, or userid/password
for 802.1x or HotSpot, or Guest Pass if using Guest Access, etc. There is no "always
allow client MAC" to authenticate, type of feature. Not even for Administrators.
WIPs prevents hackers from running thru a program of trial/error PSK, userid/pws.
Normal users, and guests you provide authentication info to, should not be blocked for
excessive attempts.
A 'whitelist' allows authenticated clients to reach a server/service not allowed to
the typical member of that WLAN. To insure clients can always access your WLAN,
you need to provide them with the PSK for your PSK WLANs, or userid/password
for 802.1x or HotSpot, or Guest Pass if using Guest Access, etc. There is no "always
allow client MAC" to authenticate, type of feature. Not even for Administrators.
WIPs prevents hackers from running thru a program of trial/error PSK, userid/pws.
Normal users, and guests you provide authentication info to, should not be blocked for
excessive attempts.
Labels
-
DHCP
1 -
IP lease
1 -
license snmp
1 -
Proposed Solution
1 -
Ruckus
1 -
server
1 -
VLAN
1 -
w
1 -
wap
1 -
zone director
1 -
ZoneDirector
1
