Nile Security Alerts

introduction alerts for nile access service raise awareness about the following network security detection location where the condition occurred time at which the condition occurred time period for which the condition lasted below is the list of alerts raised in the nile portal for nile access service and their recommended actions rogue ap violation type 1 this alert is generated when a non nile ap is connected to a nile switch and is broadcasting an ssid that is not configured in nile portal the port connecting the rogue ap with the nile switch has been authorized in nile portal and nile services cloud has correlated the wired and wireless mac address of the rogue ap example alert rogue ap with bssid 58 6d 8f\ ed 9d 6c broadcasting ssid 'linksys2 4' has been detected at bangalore/bldg 1/floor 1 for 8 hours the rogue ap is connected to port 21 on nile access switch as 2 serial number e99z99999111 switch port has been blocked recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any that are found rogue ap violation type 2 this alert is generated when a non nile ap is connected to a nile switch and is broadcasting an ssid that is not configured in nile portal the port connecting the rogue ap with the nile switch has been authorized in nile portal and nile services cloud has not correlated the wired and wireless mac address of the rogue ap example alert rogue ap with bssid 26 15 10 2e 81 1b broadcasting ssid hwmix open has been detected, in building bldg 1, floor floor 1 the rogue ap is connected to port 13 on nile access switch as 2 serial number e99z99999111 switch port has been blocked recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found rogue ap violation type 3 this alert is generated when a non nile access point is connected to a nile switch nile services cloud detected the actual vendor of the rogue ap via fingerprinting example alert rogue ap with mac address 52 54 00 13 9d\ ee has been detected with device type meraki wap in bldg bldg 1, floor 1 the rogue ap is connected to port 4 on nile access switch as 2 serial number e99z99999111 switch port has been blocked recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found suspected rogue ap this alert is generated when a non nile access point is connected to a nile switch the port connecting the suspected rogue ap with the nile switch has been authorized in nile portal nile services cloud has not correlated the wired and wireless mac address of the rogue ap and the suspected rogue ap may be connecting with the nile switch via nat example alert suspected rogue ap with macaddress 52 54 00 13 9d has been detected in bldg bangalore, floor floor 1 recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found remove the rogue access point mac address from access management in nile portal impersonation honeypot ap this alert is generated when a rogue ap is broadcasting the same ssid that is configured in the nile portal example alert impersonation attack honeypot ap (bssid 26 15 10 2b 02\ a0) spoofing a valid nile ap ssid nile secure has been detected in the air at bangalore/bldg 1/floor 1 recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found impersonation evil twin violation 1 this alert is generated when a non nile access point is impersonating nile access point by broadcasting the same ssid configured in nile portal and nile access point bssid example alert impersonation attack evil twin ap spoofing a valid nile ap ssid perfsensorpskssid and bssid 26 15 10 2d 04 11 detected in the air at bangalore/bldg 1/floor 1 recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found impersonation evil twin violation 2 this alert is generated when a non nile access point is impersonating nile access point by broadcasting the same bssid as nile access point bssid example alert impersonation attack evil twin ap spoofing a valid nile ap bssid 26 15 10 2d 04 11 detected in the air at bangalore/bldg 1/floor 1 user devices may accidentally connect to the impersonating ap that is attempting a man in the middle intrusion recommended customer action inspect the indicated floor for any non nile access points physically unplug and remove any found static ip detection this alert is generated when a device is detected with static ip address example alert device with static ip address 10 4 7 245 detected and blocked at bangalore/bldg 1/floor 1 this device has mac address 08 6a\ c5 6a 06\ a8 recommended customer action visit the indicated location; find the device with a static ip address; change the device to use dhcp ip conflict static ip this alert is generated when a nile services cloud detects ip address conflict between a device using static ip and another device using dhcp example alert device with static ip address 10 4 7 245 causing an ip conflict detected and blocked at bangalore/bldg 1/floor 1 this device has mac address 08 6a\ c5 6a 06\ a8 recommended customer action visit the indicated location; find the device with a static ip address; change the device to use dhcp ip conflict dhcp ip this alert is generated when nile services cloud detects ip address conflict between devices using dhcp example alert device with dhcp ip address 10 4 7 245 causing an ip conflict detected and blocked at bangalore/bldg 1/floor 1 this device has mac address 08 6a\ c5 6a 06\ a8 recommended customer action change the dhcp configuration to avoid ip address conflicts interferer violation this alert is generated when a non wifi device is interfering with nile access points example alert a non wifi device is interfering (interferer type continuous wave) with the nile wireless network has been detected by nile access point serial number a00a00076256 on band 2 at hq/hq/floor 1 for 1 minute recommended customer action inspect the indicated location for a device operating in radio frequency (e g , microwave ovens, cordless phones, bluetooth links, etc ) locate the source of interference remove or relocate any sources found adhoc violation this alert is generated when nile services cloud detects an adhoc peer to peer wifi connection example alert an adhoc wifi peer to peer connection was detected between devices e4 5f 01 42\ fb 9b and e4 5f 01 3b\ b9 03 at bangalore/bldg 1/floor 1 recommended customer action locate the devices engaged in a p2p connection at the indicated location disable the adhoc connection dos violation type 1 this alert is generated when nile services cloud detects a denial of service (dos) attack involving deauthentication example alert a denial of service (dos) attack was detected on bssid 26 15 10 19 00 00 at bangalore/bldg 1/floor 1 the dos attack type was identified as broadcast deauthentication recommended customer action locate the source of denial of service attack; remove from the environment dos violation type 2 this alert is generated when nile services cloud detects a denial of service (dos) attack involving broadcast disassociation example alert a flood attack of type deauthentication from clients 98 59 7a 09 97 78 to bssid 26 15 10 2d 05 01 has been detected by aps a99z99999380,a00a00076256 at hq/hq/floor 1 recommended customer action locate the source of denial of service attack; remove from your environment reach out to the nile support team for tips on how to determine the origin of dos attack