You are here: Home > CLI Commands > Just_CLI_Topics > ids signature-profile

ids signature-profile

ids signature-profile <profile-name>

bssid <mac-addr> [valid-ap]

clone <source>

dst-mac <mac-addr> [valid-ap]

frame-type {assoc|auth|beacon|control|data|deauth|disassoc|mgmt|probe-request {ssid <ssid>}{ssid-length <ssid-length>}|probe-response {ssid <ssid>}{ssid-length <ssid-length>}}

no

payload <pattern> [offset <offset>]

seq-num <seq-num>

src-mac <mac-addr> [valid-ap]

Description

This command configures signatures for wireless intrusion detection.

Syntax

Parameter

Description

Range

Default

<profile-name>

Name that identifies an instance of the profile. The name must be 1-63 characters.

“default”

bssid <mac-addr>

BSSIDBasic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. field in the 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame header.

valid-ap

Matches a valid AP SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

clone <source>

Name of an existing IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. signature profile from which parameter values are copied.

dst-mac <mac-addr>

Destination MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address in the 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame header.

valid-ap

Matches a valid AP SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

frame-type

Type of 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame. For each type of frame, further parameters can be specified to filter and detect only the required frames.

assoc

Association frame type

auth

Authentication frame type

beacon

Beacon frame type

control

All control frames

data

All data frames

deauth

Deauthentication frame type

disassoc

Disassociation frame type

mgmt

Management frame type

probe-request

Probe request frame type

probe-response

Probe response frame type

ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. <ssid>Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.

For beacon, probe-request, and probe-response frame types, specify the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. as either a string or hex pattern.

0-32 bytes

ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.-length

<ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.-length>

For beacon, probe-request, and probe-response frame types, specify the length, in bytes, of the SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

0-32 bytes

no

Negates any configured parameter.

payload <pattern>

Pattern at a fixed offset in the payload of an 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame. Specify the pattern to be matched as a string or hex pattern.

0-32 bytes

offset <offset>

When a payload pattern is configured, specify the offset in the payload where the pattern is expected to be found in the frame.

seq-num <seq-num>

Sequence number of the frame.

src-mac <mac-addr>

Source MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address in the 802.11802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. frame header.

valid-ap

Matches a valid AP SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network..

Example

The following command configures a signature profile:

(host) [mynode] (config) #ids signature-profile floor4

(host) [mynode] (IDS Signature Profile "floor4") #frame-type assoc

(host) [mynode] (IDS Signature Profile "floor4") #src-mac 00:00:00:00:00:00

Usage Guidelines

The following describes the configuration for the predefined signature profiles:

Signature Profile

Parameter

Value

AirJack

frame-type

beacon ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. = AirJack

ASLEAP

frame-type

beacon ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. = asleap

Deauth-Broadcast

 

frame-type

deauth

dst-mac

ff:ff:ff:ff:ff:ff

Netstumbler Generic

 

payload

offset=3 pattern=0x00601d

payload

offset=6 pattern=0x0001

Netstumbler Version 3.3.0x

 

payload

offset=3 pattern=0x00601d

payload

offset=12 pattern=0x000102

Null-Probe-Response

frame-type

probe-response ssidService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. length = 0

Related Commands

Command

Description

show ids signature-profile

Displays the IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. signature profile.

Command History

Release

Modification

ArubaOS 8.0.0.0

Command Introduced.

Command Information

Platform

License

Command Mode

All platforms

Requires the RFprotect license.

Config mode on Mobility Master.

/*]]>*/