Are you running controller code or WISM? If controller code what version of code are you running? We didn't see the problem with 5.0.63, but when we upgraded to 5.2.157 we began to see this. The attacking mac was another cisco ap in the system. We have upgraded to 5.2.178 and this fixed the problem. We also tried downgrading to 5.1.??? and that didn't work.
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of John Duran Sent: Friday, May 15, 2009 11:59 AM To: [email protected] Subject: [WIRELESS-LAN] DeAuthentication Floods Good Morning All, We are using the Cisco Unified Wireless solution here at the University of New Mexico. We continue to see a high number of "DeAuthntication Floods" and other IDS signatures being triggered on the wireless system. We are curious to know what others are doing to mitigate these types of attacks? What tools and techniques are being used? Thanks, John V. Duran Network Engineer University of New Mexico Information Technology Services Ph: (505) 249-7890 Fax: (505) 277-8101 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
