No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - WLAN-AC

S5700 and S6720 V200R012C00

This document describes the configurations of WLAN, including WLAN Service Configuration, Radio Resource Management, Roaming, WLAN QoS, WLAN Security, WDS, Mesh, Location, Hotspot 2.0, Dual-Link Cold Backup, N+1 Backup.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Defense Against Brute Force Attacks Using Keys

Defense Against Brute Force Attacks Using Keys

During a brute force attack, the attacker searches for a password by trying to use all possible password combinations. This method is also called the exhaustive attack method. For example, a 4-digit password that contains only digits may have a maximum of 10,000 combinations. Therefore, the password can be decrypted after a maximum of 10,000 attempts. In theory, the brute force method can decrypt any password. Attackers, however, are always looking for ways to shorten the time required to decrypt the password. When a WLAN uses WPA/WPA2-PSK, WAPI-PSK, or WEP-Shared-Key as the security policy, attackers can use the brute force method to decrypt the password.

Using a key can defend against brute force attacks on WLANs by prolonging the time needed to decrypt passwords. An AP checks whether the number of key negotiation attempts during WPA/WPA2-PSK, WAPI-PSK, or WEP-Shared-Key authentication exceeds the configured threshold. If the threshold is exceeded, the AP assumes that the user is using the brute force method to decrypt the password and reports an alarm to the AC. If the dynamic blacklist function is enabled, the AP adds the user to the dynamic blacklist and discards all the packets of the user until the dynamic blacklist entry expires.

Updated: 2018-12-24

Document ID: EDOC1100038361

Views: 157948

Downloads: 436

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next