ids impersonation-profile

ids impersonation-profile

ap-spoofing-quiet-time

beacon-diff-threshold

beacon-inc-wait-time

beacon-wrong-channel-quiet-time

chan-based-mitm-quiet-time

clone

detect-ap-impersonation

detect-ap-spoofing

detect-beacon-wrong-channel

detect-chan-based-mitm

detect-hotspotter

hotspotter-quiet-time

no

protect-ap-impersonation

Description

This command configures anomalies for impersonation attacks.

Parameter

Description

Name that identifies an instance of the profile.

Range: 1-63 characters

Default: "default"

ap-spoofing-quiet-time

Time to wait, in seconds, after AP spoofing is detected before the check can be resumed.

Range: 60-360000 seconds

Default: 60 seconds

beacon-diff-threshold

Percentage increase, in beacon rates, that triggers an AP impersonation event.

Range: 0-100%

Default: 50%

beacon-inc-wait-time

Time, in seconds, after the beacon difference threshold is crossed before an AP impersonation event is generated.

Default: 3 seconds

beacon-wrong-channel-quiet-time

Time to wait, in seconds, after a beacon with the wrong channel is detected before the check can be resumed.

Range: 60-360000 seconds

Default: 900 seconds

chan-based-mitm-quiet-time

Time to wait, in seconds, after a man-in-the-middle attack is detected before the check can be resumed.

Range: 60-360000 seconds

Default: 900 seconds

clone

Name of an existing IDS impersonation profile from which parameter values are copied.

detect-ap-impersonation

Enables or disables detection of AP impersonation. In an AP impersonation attack, the attacker sets up an AP that assumes the BSSID and ESSID of a valid AP or a neighboring AP. AP impersonation can be used for a man-in-the-middle attack, by a rogue AP attempting to bypass detection, or for a honeypot attack.

Default: enabled

detect-ap-spoofing

Enables or disables AP Spoofing detection.

Default: enabled

detect-beacon-wrong-channel

Enables or disables detection of beacons advertising the incorrect channel.

Default: disabled

detect-chan-based-mitm

Enables or disables channel-based man-in-the-middle attack detection.

Default: disabled

detect-hotspotter

Enables or disables detection of the Hotspotter attack to lure away valid clients.

Default: disabled

hotspotter-quiet-time

Time to wait, in seconds, after detecting an attempt to use the Hotspotter tool against clients.

Range: 60-360000 seconds

Default: 900 seconds

no

Negates any configured parameter.

protect-ap-impersonation

When AP impersonation is detected, both the legitimate and the impersonating AP are disabled using a denial-of-service attack.

Default: disabled

Example

The following commands enable detections in the impersonation profile:

(host) [mynode] (config) #ids impersonation-profile floor1

(host) [mynode] (IDS Impersonation Profile "floor1") #detect-beacon-wrong-channel

(host) [mynode] (IDS Impersonation Profile "floor1") #detect-ap-impersonation
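The way beacon-diff-threshold and beacon-inc-wait-time work together can be modelled offline. The Python below is an added example, not ArubaOS code or the vendor's algorithm: it assumes a 100 TU (102.4 ms) beacon interval as the baseline, 1-second measurement windows and hypothetical helper names, and it runs on constructed beacon timestamps.

```python
from collections import Counter

BEACON_INTERVAL_S = 0.1024  # assumption: 100 TU beacon interval
BASELINE_RATE = 1 / BEACON_INTERVAL_S  # about 9.77 beacons per second

def beacon_times(start, stop, offset=0.0):
    """Constructed beacon arrival times for one transmitter active in [start, stop)."""
    times, k = [], 0
    while offset + k * BEACON_INTERVAL_S < stop:
        t = offset + k * BEACON_INTERVAL_S
        if t >= start:
            times.append(t)
        k += 1
    return times

def beacon_rates(timestamps, window=1.0):
    """Bucket beacon arrivals seen for one BSSID into (window_end, beacons/s)."""
    counts = Counter(int(t // window) for t in timestamps)
    return [((i + 1) * window, counts.get(i, 0) / window)
            for i in range(max(counts) + 1)]

def impersonation_events(rates, baseline=BASELINE_RATE,
                         beacon_diff_threshold=50.0, beacon_inc_wait_time=3.0):
    """Fire once per episode when the rate stays more than beacon_diff_threshold
    percent above baseline for beacon_inc_wait_time seconds (modelled behaviour)."""
    events, crossed_at, fired = [], None, False
    for t, rate in rates:
        increase_pct = (rate - baseline) / baseline * 100.0
        if increase_pct > beacon_diff_threshold:
            if crossed_at is None:
                crossed_at = t  # first window above the threshold
            if not fired and t - crossed_at >= beacon_inc_wait_time:
                events.append(t)
                fired = True
        else:
            crossed_at, fired = None, False  # rate back to normal: reset
    return events

# Constructed capture: one legitimate AP for 20 s, a 1 s duplicate burst,
# and a second transmitter reusing the same BSSID from t=8 s to t=14 s.
legit = beacon_times(0, 20)
burst = beacon_times(2, 3, offset=0.05)
clone = beacon_times(8, 14, offset=0.05)
rates = beacon_rates(legit + burst + clone)

if __name__ == "__main__":
    print(impersonation_events(rates))
```

With the default values the 1-second burst is ignored and a single event fires at t=12 s, once the doubled rate has persisted for 3 seconds. Setting the wait time to 0 in this model also flags the burst, which shows the trade-off between detection latency and noise.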

Related Command

Command

Description

show ids impersonation-profile

Displays the IDS impersonation profile.

Command History

Release

Modification

ArubaOS 8.2.0.0

The following parameters were added:

  • chan-based-mitm-quiet-time
  • detect-chan-based-mitm

ArubaOS 8.0.0.0

Command Introduced.

Command Information

Platforms: All platforms

License: Requires the RFprotect license.

Command Mode: Config mode on Mobility Conductor.