The brute-force-detect interval command sets the interval for brute force key cracking detection.
The undo brute-force-detect interval command restores the default interval for brute force key cracking detection.
By default, the interval for brute force key cracking detection is 60 seconds.
Parameter |
Description |
Value |
|---|---|---|
interval interval |
Specifies the interval for brute force key cracking detection. |
The value is an integer that ranges from 10 to 120, in seconds. |
Usage Scenario
In a brute force key cracking attack, an attacker tries all possible key combinations one by one to obtain the correct password. To improve password security, enable defense against brute force key cracking to prolong the time used to crack passwords.
An AP checks whether the number of key negotiation failures during WPA/WPA2-PSK, WAPI-PSK, or WEP-Share-Key authentication of a user exceeds the threshold configured using the brute-force-detect threshold command. If so, the AP considers that the user is using the brute force method to crack the password and reports an alarm to the AC. If the dynamic blacklist function is enabled, the AP adds the user to the dynamic blacklist and discards all the packets from the user until the dynamic blacklist entry ages out.
Follow-up Procedure
Run the undo dynamic-blacklist disable command to enable the dynamic blacklist function.
# Set the interval for brute force key cracking detection to 100 seconds.
<HUAWEI> system-view [HUAWEI] wlan [HUAWEI-wlan-view] ap-group name office [HUAWEI-wlan-ap-group-office] radio 0 [HUAWEI-wlan-group-radio-office/0] wids attack detect wpa-psk enable [HUAWEI-wlan-group-radio-office/0] quit [HUAWEI-wlan-ap-group-office] quit [HUAWEI-wlan-view] wids-profile name huawei [HUAWEI-wlan-wids-prof-huawei] brute-force-detect interval 100