We currently have our ZoneDirector set to "Protect my wireless network against excessive wireless requests" under the "Configure > WIPS" menu, which is catching a few clients out following a recently password change.
Does anyone know what ZoneDirector refers to as "excessive"? E.g.: How many failed attempts before the client is blocked, or time between attempts?
When a client gets blocked it isn't appearing under "Configure > Access Control > Blocked Clients". The table is blank, so we're having to wait until the block period has expired. Is there an option I need to enable to make the blocked clients appear in this table?
Also, is it possible to whitelist client MACs to ensure they never get blocked?
Hi Andy, If you weren't temporarily blocking repeated failure attempt clients, they would likely be classified as 'excessive'. I found this blurb in the ZD 9.12 User guide (great reference doc) that explains why the temporarily blocked clients don't appear as 'blocked'.
To configure the DoS protection options: 1 Go to Configure > WIPS. 2 In the Denial of Service (DoS) section, configure the following settings: • Protect my wireless network against excessive wireless requests: If this capability is activated, excessive 802.11 probe request frames and management frames launched by malicious attackers will be discarded. • Temporarily block wireless clients with repeated authentication failures for [ ] seconds: If this capability is activated, any clients that repeatedly fail in attempting authentication will be temporarily blocked for a period of time (10~1200 seconds, default is 30). Clients temporarily blocked by the Intrusion Prevention feature are not added to the Blocked Clients list on the Configure > Access Control page, Blocked Clients section.
Thanks for the information provided. If this is not possible I'm very surprised the option has been omitted, as it seems like it would be a simple feature to implement.
Telling a visiting company director they will need to wait half an hour to access the files and websites they need for an important board meeting can be rather embarrasing, especially when we explain we have limited control over our wireless security system.
Sorry Andy, A 'whitelist' allows authenticated clients to reach a server/service not allowed to the typical member of that WLAN. To insure clients can always access your WLAN, you need to provide them with the PSK for your PSK WLANs, or userid/password for 802.1x or HotSpot, or Guest Pass if using Guest Access, etc. There is no "always allow client MAC" to authenticate, type of feature. Not even for Administrators.
WIPs prevents hackers from running thru a program of trial/error PSK, userid/pws. Normal users, and guests you provide authentication info to, should not be blocked for excessive attempts.