Detecting Active Exploits
The controller supports three active exploit alarms that serve as notifications of potential threats. They are enabled by default and therefore require no configuration on the controller.
ASLEAP detection—The controller raises a trap event if an attacker launches a LEAP crack tool. The trap message is visible in the controller’s trap log.
Fake access point detection—The controller tweaks the fake access point detection logic to avoid false access point alarms in high-density access point environments.
Honeypot access point detection—The controller raises a trap event if a rogue access point is using managed SSIDs (WLANs configured on the controller). The trap message is visible in the controller’s trap log.