Tim, I don't think that a description exist for the WiNG WIPS alarms (that I can locate right now) but AirDefense contains essentially the same alarm and does have an explanation. Here is it's explanation:
An access point is detected leaking wired traffic into the air. This indicates that the AP is not employing an encryption mechanism for multicast or broadcast traffic that originates from the wired side of the network. Multicast and broadcast traffic perform important functions that are vital for network discovery and content delivery. Since an access point acts as a bridge between the wired and the wireless medium, the AP will transmit this multicast and broadcast traffic into the air. In a typical corporate network, this data that is wirelessly transmitted should be encrypted by the AP to prevent it from being read by wireless eavesdroppers. If this multicast and broadcast traffic is not encrypted by the AP, then all layer 3 and above information in these packets will be clearly visible to wireless eavesdroppers.
Using layer 3 and above information, eavesdroppers can begin assembling a representation of the wired network, including routing protocols. In the case of NetBIOS traffic, the eavesdropper can also see devices that are located on the wired network. This type of AP misconfiguration is a security risk because the eavesdropper is able operate in a listen-only mode and may therefore go undetected for extended periods of time. In addition to the primary security concerns of wired side leakage, networks with excessive amounts of broadcast or multicast traffic could also experience a degradation in their wireless network performance due to the frequent multicast transmissions.
