
ids impersonation-profile

ids impersonation-profile <profile-name>

ap-spoofing-quiet-time <ap-spoofing-quiet-time>

beacon-diff-threshold <beacon-diff-threshold>

beacon-inc-wait-time <beacon-inc-wait-time>

beacon-wrong-channel-quiet-time <beacon-wrong-channel-quiet-time>

chan-based-mitm-quiet-time <chan-based-mitm-quiet-time>

clone <source>

detect-ap-impersonation

detect-ap-spoofing

detect-beacon-wrong-channel

detect-chan-based-mitm

detect-hotspotter

hotspotter-quiet-time <hotspotter-quiet-time>

no

protect-ap-impersonation

Description

This command configures the anomaly checks used to detect impersonation attacks.

Syntax

<profile-name>
    Description: Name that identifies an instance of the profile. The name must be 1-63 characters.
    Range: 1-63 characters
    Default: "default"

ap-spoofing-quiet-time <ap-spoofing-quiet-time>
    Description: Time to wait, in seconds, after detecting AP spoofing, after which the check is resumed.
    Range: 60-360000 seconds
    Default: 60 seconds

beacon-diff-threshold <beacon-diff-threshold>
    Description: Percentage increase in the beacon rate that triggers an AP impersonation event.
    Range: 0-100%
    Default: 50%

beacon-inc-wait-time <beacon-inc-wait-time>
    Description: Time, in seconds, after the beacon difference threshold is crossed before an AP impersonation event is generated.
    Default: 3 seconds

beacon-wrong-channel-quiet-time <beacon-wrong-channel-quiet-time>
    Description: Time to wait, in seconds, after detecting a beacon advertising the wrong channel, after which the check is resumed.
    Range: 60-360000 seconds
    Default: 900 seconds

chan-based-mitm-quiet-time <chan-based-mitm-quiet-time>
    Description: Time to wait, in seconds, after detecting a channel-based man-in-the-middle attack, after which the check is resumed.
    Range: 60-360000 seconds
    Default: 900 seconds

clone <source>
    Description: Name of an existing IDS impersonation profile from which parameter values are copied.

detect-ap-impersonation
    Description: Enables or disables detection of AP impersonation. In an AP impersonation attack, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP or a neighboring AP. AP impersonation can be used for man-in-the-middle attacks, by a rogue AP attempting to bypass detection, or for a honeypot attack.
    Default: enabled

detect-ap-spoofing
    Description: Enables or disables AP spoofing detection.
    Default: enabled

detect-beacon-wrong-channel
    Description: Enables or disables detection of beacons advertising the incorrect channel.
    Default: disabled

detect-chan-based-mitm
    Description: Enables or disables channel-based man-in-the-middle attack detection.
    Default: disabled

detect-hotspotter
    Description: Enables or disables detection of the Hotspotter attack, which is used to lure away valid clients.
    Default: disabled

hotspotter-quiet-time <hotspotter-quiet-time>
    Description: Time to wait, in seconds, after detecting an attempt to use the Hotspotter tool against clients.
    Range: 60-360000 seconds
    Default: 900 seconds

no
    Description: Negates any configured parameter.

protect-ap-impersonation
    Description: When AP impersonation is detected, both the legitimate and the impersonating AP are disabled using a denial of service attack.
    Default: disabled
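As an added illustration of how beacon-diff-threshold and beacon-inc-wait-time combine (this is a simplified model written for this page, not ArubaOS code): per-second beacon-rate samples for one BSSID are fed to a monitor, and an AP impersonation event is generated only when the rate stays more than the threshold percentage above baseline for the whole wait time. The baseline rate, the sample series, and the re-arm behaviour after an event are assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class ImpersonationProfile:
    """Beacon-rate parameters of ids impersonation-profile, with the page's defaults."""
    beacon_diff_threshold: int = 50   # percent increase over baseline (0-100%)
    beacon_inc_wait_time: int = 3     # seconds above threshold before an event is generated

@dataclass
class BeaconRateMonitor:
    """Tracks beacons/sec seen for one BSSID; raises an AP impersonation event when the
    rate stays more than beacon_diff_threshold percent above baseline for beacon_inc_wait_time."""
    profile: ImpersonationProfile
    baseline_rate: float              # beacons/sec learned for the legitimate AP (assumed given)
    crossed_at: Optional[float] = None
    events: List[float] = field(default_factory=list)

    def observe(self, t: float, rate: float) -> bool:
        """Feed one sample (time in seconds, observed beacons/sec); True when an event fires."""
        if self.baseline_rate <= 0:
            raise ValueError("baseline beacon rate must be positive")
        increase_pct = (rate - self.baseline_rate) / self.baseline_rate * 100.0
        if increase_pct <= self.profile.beacon_diff_threshold:
            self.crossed_at = None        # back to normal: a brief spike does not count
            return False
        if self.crossed_at is None:
            self.crossed_at = t           # threshold just crossed; start the wait timer
        if t - self.crossed_at >= self.profile.beacon_inc_wait_time:
            self.events.append(t)
            self.crossed_at = None        # assumption: re-arm so a persisting attack fires again after another wait
            return True
        return False

def detect_events(profile: ImpersonationProfile, baseline: float,
                  samples: List[Tuple[float, float]]) -> List[float]:
    """Run a (time, rate) series through the monitor and return the event timestamps."""
    monitor = BeaconRateMonitor(profile, baseline)
    for t, rate in samples:
        monitor.observe(t, rate)
    return monitor.events

# Constructed sample: a legitimate AP beacons about 10 times/sec (100 TU beacon interval).
# From t=2 a second radio beacons with the same BSSID, doubling the observed rate.
SUSTAINED = [(0, 10.0), (1, 10.0), (2, 20.0), (3, 20.0), (4, 20.0), (5, 20.0), (6, 20.0)]
# A one-second spike, e.g. a burst of retransmitted beacons, is not sustained.
SPIKE = [(0, 10.0), (1, 20.0), (2, 10.0), (3, 20.0), (4, 20.0)]

if __name__ == "__main__":
    print(detect_events(ImpersonationProfile(), 10.0, SUSTAINED), detect_events(ImpersonationProfile(), 10.0, SPIKE))
```

With the page defaults the sustained doubling produces one event at t=5 (crossed at t=2 plus the 3-second wait), while the spike series produces none; lowering the threshold or the wait time to 0 makes the monitor fire on every sample above baseline.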

Usage Guidelines

A successful man-in-the-middle attack inserts the attacker into the data path between the client and the AP. From that position the attacker can delete, add, or modify data, provided they have access to the encryption keys. Such an attack also enables further attacks that can learn a client's authentication credentials. Man-in-the-middle attacks often rely on a number of different vulnerabilities.

Example

The following commands enable two detections in the impersonation profile named floor1:

(host) [mynode] (config) #ids impersonation-profile floor1

(host) [mynode] (IDS Impersonation Profile "floor1") #detect-beacon-wrong-channel

(host) [mynode] (IDS Impersonation Profile "floor1") #detect-ap-impersonation

Related Commands

show ids impersonation-profile
    Description: Displays the IDS impersonation profile.

Command History

ArubaOS 8.2.0.0
    Modification: The following parameters were added: chan-based-mitm-quiet-time, detect-chan-based-mitm

ArubaOS 8.0.0.0
    Modification: Command introduced.

Command Information

Platform: All platforms
License: Requires the RFprotect license.
Command Mode: Config mode on Mobility Master.
