< Home

display wlan ids attack-detected

Function

The display wlan ids attack-detected command displays information about the detected attacking devices.

Format

display wlan ids attack-detected { all | flood | spoof | wapi-psk | weak-iv | wep-share-key | wpa-psk | wpa2-psk | mac-address mac-address }

Parameters

Parameter

Description

Value

all

Displays information about all types of attacking devices.

-

flood

Displays information about devices launching flood attacks.

-

spoof

Displays information about devices launching spoofing attacks.

-

wapi-psk

Displays information about devices that perform brute force cracking in WAPI-PSK authentication mode.

-

weak-iv

Displays information about devices launching weak IV attacks.

-

wep-share-key

Displays information about devices that perform brute force cracking in WEP-SK authentication mode.

-

wpa-psk

Displays information about devices that perform brute force cracking in WPA-PSK authentication mode.

-

wpa2-psk

Displays information about devices that perform brute force cracking in WPA2-PSK authentication mode.

-

mac-address mac-address

Displays information about the detected attacking devices with specified MAC addresses.

The value is in H-H-H format. An H is a hexadecimal number of 4 digits.

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

After attack detection is enabled, you can run the display wlan ids attack-detected command to view information about the attacking devices.

Prerequisites

The attack detection functions of all types have been enabled using the wids attack detect enable command.

Example

# Display information of all current attacking devices.

<HUAWEI> display wlan ids attack-detected all
#AP: Number of monitor APs that have detected the device
AT: Last detected attack type
CH: Channel number
act: Action frame            asr: Association request
aur: Authentication request  daf: Deauthentication frame
dar: Disassociation request  wiv: Weak IV detected
pbr: Probe request           rar: Reassociation request
eaps: EAPOL start frame      eapl: EAPOL logoff frame
saf: Spoofed disassociation frame
sdf: Spoofed deauthentication frame
otsf: Other types of spoofing frames
-------------------------------------------------------------------------------
MAC address     AT     CH   RSSI(dBm)  Last detected time     #AP
-------------------------------------------------------------------------------
000b-c002-9c81  pbr    165  -87        2014-11-20/15:51:13    1
0024-2376-03e9  pbr    165  -84        2014-11-20/15:52:13    1
0046-4b74-691f  act    165  -67        2014-11-20/15:43:33    1
00bc-71b7-171d  pbr    165  -88        2014-11-20/15:41:43    1
00bc-71b7-171f  act    165  -87        2014-11-20/15:44:03    1
-------------------------------------------------------------------------------
Total: 5, printed: 5
Table 1 Description of the display wlan ids attack-detected all command output

Item

Description

MAC address
  • For spoofing attacks, this parameter indicates the basic service set identifier (BSSID) that forges the MAC address of an AP.
  • For other types of attacks, this parameter indicates the MAC address of the device launching attacks.

AT

Acronym of the attack type.

CH

Channel in which the last attack is detected.

RSSI(dBm)

Average received signal strength indicator (RSSI) of the attack frames detected.

Last detected time

Last time at which an attack is detected.

#AP

Number of APs which detect this attack.

# Display information of an attacking device with the specified MAC address.

<HUAWEI> display wlan ids attack-detected mac-address 8c70-5a47-aad0
act: Action frame            asr: Association request
aur: Authentication request  daf: Deauthentication frame
dar: Disassociation request  wiv: Weak IV detected
pbr: Probe request           rar: Reassociation request
eaps: EAPOL start frame      eapl: EAPOL logoff frame
saf: Spoofed disassociation frame
sdf: Spoofed deauthentication frame
otsf: Other types of spoofing frames
-------------------------------------------------------------------------------
MAC address                           : 8c70-5a47-aad0
Number of detected APs                : 1
Channel                               : 165
RSSI(dBm)                             : -80
Reported AP 1
  AP name                             : ap-13
  Flood attack type                   : pbr
  First detected time(Flood)          : 2014-11-20/15:50:33
  Spoof attack type                   : -
  First detected time(Spoof)          : -
  First detected time(Weak-iv)        : -
  First detected time(WEP)            : -
  First detected time(WPA)            : -
  First detected time(WPA2)           : -
  First detected time(WAPI)           : -
-------------------------------------------------------------------------------
Table 2 Description of the display wlan ids attack-detected mac-address mac-address command output

Item

Description

MAC address
  • For spoofing attacks, this parameter indicates the basic service set identifier (BSSID) that forges the MAC address of an AP.
  • For other types of attacks, this parameter indicates the MAC address of the device launching attacks.

Number of detected APs

Number of APs which detect this attack.

Channel

Channel in which the last attack is detected.

RSSI(dBm)

Average received signal strength indicator (RSSI) of the attack frames detected.

Reported AP

Information of the AP which detects the attack.

AP name

Name of the AP which detects the attack.

Flood attack type

Flood attacks detected by the AP.

Spoof attack type

Spoofing attacks detected by the AP.

First detected time

First time when an attack is detected by an AP.
Parent Topic: WLAN Security Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >