Nile Security Alerts

Introduction

Alerts for Nile Access Service raise awareness about the following: 

  1. Network security detection
  2. Location where the condition occurred 
  3. Time at which the condition occurred
  4. Time period for which the condition lasted

Below is the list of alerts raised in the Nile Portal for Nile Access Service and their recommended actions. 



Rogue AP violation type 1

This alert is generated when a non-Nile AP is connected to a Nile switch and is broadcasting an SSID that is not configured in the Nile Portal. The port connecting the rogue AP to the Nile switch has been authorized in the Nile Portal, and Nile Services Cloud has correlated the wired and wireless MAC addresses of the rogue AP.

Example Alert

Rogue AP  with BSSID  58:6d:8f:ed:9d:6c broadcasting SSID 'Linksys2.4' has been detected at  Bangalore/Bldg_1/Floor_1 for 8 hours. The Rogue AP is connected to port 21 on Nile Access Switch AS.2 Serial Number: E99Z99999111. Switch port has been blocked.

Recommended Customer Action

  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any that are found

Rogue AP violation type 2

This alert is generated when a non-Nile AP is connected to a Nile switch and is broadcasting an SSID that is not configured in the Nile Portal. The port connecting the rogue AP to the Nile switch has been authorized in the Nile Portal, but Nile Services Cloud has not correlated the wired and wireless MAC addresses of the rogue AP.

Example Alert

Rogue AP with BSSID - 26:15:10:2e:81:1b broadcasting SSID - hwmix-open has been detected, in building - Bldg_1, floor - Floor _1. The Rogue AP is connected to port 13 on Nile Access Switch AS.2 Serial Number: E99Z99999111. Switch port has been blocked.

Recommended Customer Action

  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found

Rogue AP violation type 3

This alert is generated when a non-Nile access point is connected to a Nile switch and Nile Services Cloud has detected the actual vendor of the rogue AP via fingerprinting.

Example Alert

Rogue AP with mac address 52:54:00:13:9d:ee has been detected with device type Meraki WAP in Bldg Bldg_1, Floor_1. The Rogue AP is connected to port 4 on Nile Access Switch AS.2 Serial Number: E99Z99999111. Switch port has been blocked.

Recommended Customer Action

  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found

Suspected Rogue AP

This alert is generated when a non-Nile access point is connected to a Nile switch. The port connecting the suspected rogue AP to the Nile switch has been authorized in the Nile Portal. Nile Services Cloud has not correlated the wired and wireless MAC addresses of the rogue AP, and the suspected rogue AP may be connecting to the Nile switch via NAT.

Example Alert

Suspected Rogue AP with macAddress 52:54:00:13:9d has been detected in Bldg - Bangalore, floor - Floor_1

Recommended Customer Action

  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found
  • Remove the rogue access point MAC address from Access Management in Nile Portal

Impersonation - Honeypot AP

This alert is generated when a rogue AP is broadcasting the same SSID that is configured in the Nile Portal.

Example Alert

Impersonation attack: Honeypot AP (Bssid : 26:15:10:2B:02:A0) spoofing a valid Nile AP SSID Nile-Secure has been detected in the air at Bangalore/Bldg_1/Floor_1.

Recommended Customer Action

  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found

Impersonation - Evil Twin violation 1

This alert is generated when a non-Nile access point is impersonating a Nile access point by broadcasting both an SSID configured in the Nile Portal and the BSSID of a Nile access point.

Example Alert

Impersonation attack: Evil-Twin AP spoofing a valid Nile AP SSID PERFSENSORPSKSSID and BSSID 26:15:10:2d:04:11 detected in the air at Bangalore/Bldg_1/Floor_1



Recommended Customer Action



  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found

Impersonation - Evil Twin violation 2

This alert is generated when a non-Nile access point is impersonating a Nile access point by broadcasting the same BSSID as a Nile access point.

Example Alert

Impersonation attack: Evil-Twin AP spoofing a valid Nile AP BSSID 26:15:10:2d:04:11 detected in the air at Bangalore/Bldg_1/Floor_1. User devices may accidentally connect to the impersonating AP that is attempting a man-in-the-middle intrusion

Recommended Customer Action



  • Inspect the indicated floor for any non-Nile access points
  • Physically unplug and remove any found

Static IP Detection

This alert is generated when a device is detected with a static IP address.

Example Alert

Device with Static IP address 10.4.7.245 detected and blocked at Bangalore/Bldg_1/Floor_1.  This device has MAC Address 08:6a:c5:6a:06:a8.

Recommended Customer Action

  • Visit the indicated location; find the device with a static IP address; change the device to use DHCP.

IP Conflict - Static IP

This alert is generated when Nile Services Cloud detects an IP address conflict between a device using a static IP address and another device using DHCP.

Example Alert

Device with Static IP address 10.4.7.245 causing an IP conflict detected and blocked at Bangalore/Bldg_1/Floor_1. This device has MAC Address 08:6a:c5:6a:06:a8.

Recommended Customer Action

  • Visit the indicated location; find the device with a static IP address; change the device to use DHCP.

IP Conflict - DHCP IP

This alert is generated when Nile Services Cloud detects an IP address conflict between devices using DHCP.

Example Alert

Device with DHCP IP address 10.4.7.245 causing an IP conflict detected and blocked at Bangalore/Bldg_1/Floor_1. This device has MAC Address 08:6a:c5:6a:06:a8.

Recommended Customer Action

  • Change the DHCP configuration to avoid IP address conflicts

Interferer violation

This alert is generated when a non-WiFi device is interfering with Nile access points.

Example Alert

A non-WiFi device is interfering (interferer type: CONTINUOUS_WAVE) with the Nile Wireless network has been detected by Nile Access Point Serial Number: A00A00076256 on band 2 at HQ/HQ/Floor 1 for 1 minute.

Recommended Customer Action



  • Inspect the indicated location for devices operating in the radio frequency (RF) spectrum (e.g., microwave ovens, cordless phones, Bluetooth links).
  • Locate the source of interference
  • Remove or relocate any sources found

Adhoc violation

This alert is generated when Nile Services Cloud detects an ad hoc peer-to-peer WiFi connection.

Example Alert

An Adhoc WiFi peer-to-peer connection was detected between devices e4:5f:01:42:fb:9b and e4:5f:01:3b:b9:03  at Bangalore/Bldg_1/Floor_1.

Recommended Customer Action

  • Locate the devices engaged in a P2P connection at the indicated location
  • Disable the Adhoc connection.



DOS violation type 1

This alert is generated when Nile Services Cloud detects a Denial of Service (DoS) attack involving deauthentication.



Example Alert

A Denial of Service (DoS) attack was detected on BSSID  26:15:10:19:00:00 at Bangalore/Bldg_1/Floor_1. The DoS attack type was identified as BROADCAST_DEAUTHENTICATION.

Recommended Customer Action

  • Locate the source of the Denial of Service attack and remove it from the environment.



DOS violation type 2

This alert is generated when Nile Services Cloud detects a Denial of Service (DoS) attack involving broadcast disassociation.

Example Alert

A flood attack of type deauthentication from clients 98:59:7a:09:97:78 to bssid 26:15:10:2d:05:01 has been detected by APs A99Z99999380,A00A00076256 at HQ/HQ/Floor 1.

Recommended Customer Action



  • Locate the source of the Denial of Service attack and remove it from your environment.
  • Reach out to the Nile support team for tips on how to determine the origin of the DoS attack.
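
For teams that forward these alerts to a ticketing system or SIEM, the following Python parser pulls triage fields out of alert text worded like the examples on this page. It is an added example, not Nile code or a Nile API: the category labels, field names and regular expressions are assumptions derived only from those example strings, and a MAC address with fewer than six octets (as in the Suspected Rogue AP example) is reported separately instead of being treated as a valid address.

```python
import re

# Category labels are this example's own; the phrases come from the example
# alerts on this page. "Suspected Rogue AP" must be tested before "Rogue AP".
CATEGORIES = [
    ("suspected_rogue_ap", r"^Suspected Rogue AP"),
    ("rogue_ap", r"^Rogue AP"),
    ("evil_twin", r"Evil-Twin AP"),
    ("honeypot_ap", r"Honeypot AP"),
    ("ip_conflict", r"causing an IP conflict"),
    ("static_ip", r"^Device with Static IP"),
    ("interferer", r"non-WiFi device"),
    ("adhoc", r"Adhoc WiFi"),
    ("dos", r"Denial of Service|flood attack"),
]
# Four or more colon-separated hex octets; only runs of exactly six are MACs.
HEX_RUN = re.compile(r"\b[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){3,}\b")
# Site/building/floor path, e.g. "at HQ/HQ/Floor 1 for 1 minute".
SITE = re.compile(r"\bat\s+(\w[\w ]*/\w[\w ]*/\w[\w ]*?)(?= for |\.|$)")

def parse_alert(text):
    """Extract triage fields from one alert message."""
    text = text.strip()
    category = next((n for n, p in CATEGORIES if re.search(p, text)), "unknown")
    macs, partial = [], []
    for run in HEX_RUN.findall(text):
        (macs if run.count(":") == 5 else partial).append(run.lower())
    port = re.search(r"\bport (\d+)", text)
    serial = re.search(r"Serial Number: (\w+)", text)
    site = SITE.search(text)
    return {
        "category": category,
        "macs": macs,                 # well-formed 6-octet addresses
        "partial_macs": partial,      # truncated values: do not use for lookups
        "switch_port": int(port.group(1)) if port else None,
        "serial": serial.group(1) if serial else None,
        "site": site.group(1) if site else None,
        "blocked": "blocked" in text,
    }

# Sample inputs: example alert strings copied from this page.
SAMPLES = {
    "rogue": "Rogue AP  with BSSID  58:6d:8f:ed:9d:6c broadcasting SSID 'Linksys2.4' has been detected at  Bangalore/Bldg_1/Floor_1 for 8 hours. The Rogue AP is connected to port 21 on Nile Access Switch AS.2 Serial Number: E99Z99999111. Switch port has been blocked.",
    "suspected": "Suspected Rogue AP with macAddress 52:54:00:13:9d has been detected in Bldg - Bangalore, floor - Floor_1",
    "interferer": "A non-WiFi device is interfering (interferer type: CONTINUOUS_WAVE) with the Nile Wireless network has been detected by Nile Access Point Serial Number: A00A00076256 on band 2 at HQ/HQ/Floor 1 for 1 minute.",
}
if __name__ == "__main__":
    for name, alert in SAMPLES.items():
        print(name, parse_alert(alert))
```

Alerts that give the location in the "building - …, floor - …" wording return `site` as `None`, so route those to manual review rather than dropping the location.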