The AC has WIPS enabled, with Windows bridge attack countermeasures and soft AP attack countermeasures configured and applied. After the wireless bridge detection function was configured, the critical alarm log on the Oasis (绿洲) platform showed that wireless bridge attacks were especially severe. To deal with this, two things were done on the AC: first, block mac-address was applied; second, countermeasure mac-address was applied. Although the attack source MAC address was added to the blocked device list and to the manual countermeasure list, attacks from that same source MAC address still keep showing up in the alarm log after this was done. Questions:
1. What is the difference in usage between block mac-address and countermeasure mac-address, and why did they fail to achieve what was needed?
2. For countering wireless bridge attacks, is there a command similar to the Windows bridge attack countermeasure, and if so, what is it?
3. How exactly should countermeasures against wireless bridge attacks be configured?
AC + FIT AP, AC in bypass (side-mounted) deployment, AP local forwarding, V7 version
Best answer
For WIPS countermeasures, use countermeasure. There are generally two situations in which it does not take effect: first, a configuration problem; second, the effect is not obvious.
Configuration:
wips
 ap-classification rule 1
  ssid include fr
 classification policy 1
  apply ap-classification rule 1 rogue-ap
 countermeasure policy 1
  countermeasure rogue-ap
 virtual-security-domain 1
  apply classification policy 1
  apply countermeasure policy 1
wlan ap ap1 model WA5320
 serial-id 219801A0YD8166E00133
 wips virtual-security-domain 1
 vlan 1
 radio 1
  radio enable
  wips enable
 radio 2
  radio enable
  wips enable
Second, if the effect is not obvious, you can adjust the scan duration:
radio 2
 radio enable
 scan scan-time 100
 wips enable
One more point: because of how mobile phones behave, countermeasures against phone hotspots may not work well.
Could you share the on-site configuration and the alarm log?
The configuration looks fine. What software version is the device running? Have the alarms been present the whole time?
wips
#
classification policy classp1
 block mac-address 44d1-fa07-8833
 block mac-address 44d1-fa07-8acd
 block mac-address 44d1-fa07-8ad6
#
countermeasure policy cp1
 countermeasure attack soft-ap
 countermeasure attack windows-bridge
 countermeasure mac-address 44d1-fa07-8833
 countermeasure mac-address 44d1-fa07-8acd
 countermeasure mac-address 44d1-fa07-8ad6
 countermeasure mac-address 44d1-fa27-5f8f
 countermeasure mac-address 44d1-fa27-5fad
 countermeasure mac-address 44d1-fa27-6259
 select sensor all
#
detect policy dp1
 windows-bridge quiet 300
 soft-ap
 wireless-bridge quiet 300
#
virtual-security-domain vsd1
 apply classification policy classp1
 apply countermeasure policy cp1
 apply detect policy dp1
...
Alarm log:
X3510H wips Danger Sensor[30ad-8322-7100] detected wireless bridge attack initiated by device[44d1-fa07-8833
.......
wlan ap-group default-group
 wips virtual-security-domain vsd1
 wlan nat-detect enable
 vlan 1
 ap-model WA4320-ACN-SI
  radio 1
   wips enable
  radio 2
   wips enable
......
wips
#
classification policy classp1
 block mac-address 44d1-fa07-8833
#
countermeasure policy cp1
 countermeasure attack soft-ap
 countermeasure attack windows-bridge
 countermeasure mac-address 44d1-fa07-8833
 select sensor all
#
detect policy dp1
 windows-bridge quiet 300
 soft-ap
 wireless-bridge quiet 300
#
virtual-security-domain vsd1
 apply classification policy classp1
 apply countermeasure policy cp1
 apply detect policy dp1
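The following is an added example and is not part of the thread, nor H3C code: a small Python checker that reads a wips view configuration dump in the shape posted above together with WIPS alarm lines in the shape of the one alarm quoted above, and reports, for each attacking MAC and attack type, how many alarms were seen, whether the MAC is listed under block mac-address in the classification policy, whether it is listed under countermeasure mac-address in the countermeasure policy, whether the attack type named in the alarm has a matching countermeasure attack line, and what quiet interval the detect policy sets for it. The configuration text is an abridged copy of the one posted in the thread; the alarm lines are constructed (the timestamps, every alarm after the first, the severity word "Danger", and the MAC 44d1-fa27-7001 are assumptions), and the regex tolerates the run-together words of the quoted alarm. Whether a countermeasure attack keyword exists for wireless-bridge is the open question of the thread; the script only reports whether such a line is present in the given config.

```python
import re
from collections import Counter

MAC = r"[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}"

# The alarm quoted in the thread has words run together ("detectedwireless bridge
# attackinitiated"), so the whitespace between the tokens is optional here.
ALARM_RE = re.compile(
    r"Sensor\[(?P<sensor>" + MAC + r")\]\s*detected\s*(?P<attack>.+?)\s*attack\s*"
    r"initiated by device\[(?P<mac>" + MAC + r")\]", re.IGNORECASE)

# Constructed sample: the wips view from the config posted in the thread, abridged.
SAMPLE_CONFIG = """\
wips
#
classification policy classp1
 block mac-address 44d1-fa07-8833
 block mac-address 44d1-fa07-8acd
#
countermeasure policy cp1
 countermeasure attack soft-ap
 countermeasure attack windows-bridge
 countermeasure mac-address 44d1-fa07-8833
 countermeasure mac-address 44d1-fa07-8acd
 countermeasure mac-address 44d1-fa27-5f8f
 select sensor all
#
detect policy dp1
 windows-bridge quiet 300
 soft-ap
 wireless-bridge quiet 300
#
"""

# Constructed sample alarms shaped like the one line quoted in the thread. The
# timestamps, every line after the first, the severity word "Danger" and the MAC
# 44d1-fa27-7001 are assumptions, not data from the page.
SAMPLE_ALARMS = """\
2019-08-01 09:00:01 X3510H wips Danger Sensor[30ad-8322-7100]detectedwireless bridge attackinitiated by device[44d1-fa07-8833]
2019-08-01 09:05:12 X3510H wips Danger Sensor[30ad-8322-7100]detected wireless bridge attack initiated by device[44d1-fa07-8833]
2019-08-01 09:12:03 X3510H wips Danger Sensor[30ad-8322-7100]detected wireless bridge attack initiated by device[44d1-fa07-8acd]
2019-08-01 09:15:27 X3510H wips Danger Sensor[30ad-8322-7100]detected windows bridge attack initiated by device[44d1-fa27-5f8f]
2019-08-01 09:20:55 X3510H wips Danger Sensor[30ad-8322-7100]detected wireless bridge attack initiated by device[44d1-fa27-7001]
2019-08-01 09:21:00 X3510H %%10SHELL/5/SHELL_LOGIN: admin logged in from 10.0.0.5.
"""


def parse_wips_config(text):
    """Collect the MAC lists and attack keywords from a wips configuration dump."""
    cfg = {"block": set(), "countermeasure": set(), "attack": set(), "detect": {}}
    view = None  # which policy view the current line belongs to
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"(classification|countermeasure|detect) policy \S+", line):
            view = m.group(1)
        elif line in ("#", "wips"):
            view = None
        elif view == "classification" and (m := re.fullmatch(r"block mac-address (\S+)", line)):
            cfg["block"].add(m.group(1).lower())
        elif view == "countermeasure" and (m := re.fullmatch(r"countermeasure (mac-address|attack) (\S+)", line)):
            cfg["countermeasure" if m.group(1) == "mac-address" else "attack"].add(m.group(2).lower())
        elif view == "detect" and (m := re.fullmatch(r"([a-z-]+)(?: quiet (\d+))?", line)):
            cfg["detect"][m.group(1)] = int(m.group(2)) if m.group(2) else None
    return cfg


def parse_alarm(line):
    """Return sensor, attack type and attacker MAC from one alarm line, else None."""
    m = ALARM_RE.search(line)
    if not m:
        return None
    # "wireless bridge" -> "wireless-bridge", the spelling the CLI keywords use
    return {"sensor": m.group("sensor").lower(), "mac": m.group("mac").lower(),
            "attack": "-".join(m.group("attack").lower().split())}


def audit(config_text, alarm_text):
    """Per (attacker MAC, attack type): alarm count and how the config covers it."""
    cfg = parse_wips_config(config_text)
    counts = Counter()
    for line in alarm_text.splitlines():
        if a := parse_alarm(line):
            counts[(a["mac"], a["attack"])] += 1
    return {(mac, attack): {
        "count": n,
        "blocked": mac in cfg["block"],                      # block mac-address
        "mac_countermeasure": mac in cfg["countermeasure"],  # countermeasure mac-address
        "attack_countermeasure": attack in cfg["attack"],    # countermeasure attack <type>
        "detect_quiet": cfg["detect"].get(attack),           # quiet interval in detect policy
    } for (mac, attack), n in counts.items()}


def uncovered_macs(report):
    """Attacker MACs present in neither the block list nor the countermeasure list."""
    return {mac for (mac, _), r in report.items()
            if not (r["blocked"] or r["mac_countermeasure"])}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, SAMPLE_ALARMS)
    for key, r in sorted(report.items()):
        print(key, r)
    print("in no list:", sorted(uncovered_macs(report)))
```

Run it against a real `display current-configuration` excerpt and an exported alarm log to see at a glance which attacking MACs are in both lists yet still generate alarms (the situation the question describes), and which alarms name an attack type that has no countermeasure attack line in the applied policy.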