No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S5720HI V200R010C00 Configuration Guide - WLAN-AC

This document describes native AC (hereinafter referred to as WLAN AC) configuration procedures and provides configuration examples.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Defense Against Brute Force Attacks Using Keys

Defense Against Brute Force Attacks Using Keys

During a brute force attack, the attacker searches for a password by trying to use all possible password combinations. This method is also called the exhaustive attack method. For example, a 4-digit password that contains only digits may have a maximum of 10,000 combinations. Therefore, the password can be decrypted after a maximum of 10,000 attempts. In theory, the brute force method can decrypt any password. Attackers, however, are always looking for ways to shorten the time required to decrypt the password. When a WLAN uses WPA/WPA2-PSK, WAPI-PSK, or WEP-Shared-Key as the security policy, attackers can use the brute force method to decrypt the password.

Using a key can defend against brute force attacks on WLANs by prolonging the time needed to decrypt passwords. An AP checks whether the number of key negotiation attempts during WPA/WPA2-PSK, WAPI-PSK, or WEP-Shared-Key authentication exceeds the configured threshold. If the threshold is exceeded, the AP assumes that the user is using the brute force method to decrypt the password and reports an alarm to the AC. If the dynamic blacklist function is enabled, the AP adds the user to the dynamic blacklist and discards all the packets of the user until the dynamic blacklist entry expires.

Updated: 2019-12-28

Document ID: EDOC1000141952

Views: 203300

Downloads: 522

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next