This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Radar detection of "WEP or WPA-PSK active encryption attack"

Radar detection of "WEP or WPA-PSK active encryption attack"

hsachse
New Contributor III

‎08-24-2016 12:07 PM

I have enabled the the in-service scan on one AP3825i access point to
test the Radar feature. Since I've enabled it at the morning the Radar reports "WEP or WPA-PSK active encryption attack" in the log.

Based on my knowledge this could be caused by excessive FCS errors and other reasons. I discovered the same behavior during severals other tests at different locations. For me it looks like a false positive. The Wireless Statistic Report of the access point shows a large FCS Error Count on Radio 1 (5 GHz):

ecf47554415b4e69bc1aa5a728f15950_RackMultipart20160824-7496-1rmh0b7-FCS-Erros_inline.png



Anyone else has the same alarms?
9 REPLIES 9

Ronald_Dvorak
Honored Contributor

‎08-25-2016 09:15 AM

Is there any document/user manual available that describe the RADAR functionality in more detail.

The HiGuard manual was very good so I'd like to see something similar for RADAR - it's hard to sell a added feature without any technical knowledge about it.

I've found a document from 2014 v8.21 but I hope that there is something more current/accurate that also includes new APs.

Thx,
Ron
0 Kudos

Ryan_Mathews
Extreme Employee
In response to Ronald_Dvorak

‎08-25-2016 09:15 AM

Thanks for being vocal about this Ron.
0 Kudos

Ronald_Dvorak
Honored Contributor
In response to Ronald_Dvorak

‎08-25-2016 09:15 AM

Sorry Hartmut because I've hijacked the thread with my post.
You are right that is exactly the document I mean 🙂

@Extreme - I can't "sell" Radar to anyone without the information how it works.
The amount of "whitepapers" and othere technical material is VERY limited.

@Christina - Thanks but I think I've done enough - I've opened a GTAC ticket / I've wrote comments in the survey of the GTAC ticket and reported the issue here.
0 Kudos

hsachse
New Contributor III
In response to Ronald_Dvorak

‎08-25-2016 09:15 AM

I think Ronald mean the old tech note for Radar feature introduced in version 8.21. This document include about the threats the WIDS/WIPS discover. In have one customer who asked for such an overview. Would be great if you include a updated version of this in the user guide.
0 Kudos
GTM-P2G8KFN