Concept Guide

421| ids impersonation-profile Dell Networking W-Series ArubaOS 6.5.x| Reference Guide
Parameter Description Range Default
detect-ap-impersonation
Enables detection of AP impersonation.
In AP impersonation attacks, the
attacker sets up an AP that assumes the
BSSID and ESSID of a valid AP. AP
impersonation attacks can be done for
man-in-the-middle attacks, a rogue AP
attempting to bypass detection, or a
honeypot attack.
true
detect-ap-spoofing
Enable/disable AP Spoofing detection enable
detect-beacon-wrong-channel
Enable/disable detection of beacons
advertising the incorrect channel
disable
detect-hotspotter
Enable/disable detection of the
Hotspotter attack to lure away valid
clients.
disable
hotspotter-quiet-time
Time to wait in seconds after detecting
an attempt to Use the Hotspotter tool
against clients.
60-
360000
second
s
900
second
s
no
Negates any configured parameter.
protect-ap-impersonation
When AP impersonation is detected,
both the legitimate and impersonating
AP are disabled using a denial of service
attack.
false
Usage Guidelines
A successful man-in-the-middle attack will insert an attacker into the data path between the client and the AP.
In such a position, the attacker can delete, add, or modify data, provided he has access to the encryption keys.
Such an attack also enables other attacks that can learn a client’s authentication credentials. Man-in-the-middle
attacks often rely on a number of different vulnerabilities.
Example
The following command enables detections in the impersonation profile:
(host) (config) #ids impersonation-profile floor1
(host) (IDS Impersonation Profile "floor1") #detect-beacon-wrong-channel
(host) (IDS Impersonation Profile "floor1") #detect-ap-impersonation