This alarm is raised by WiFi Manager when it detects a Denial of Service (DoS) in the form of an Authentication Flood attack.
What is Authentication?
Wireless clients go through an authentication process in order to associate with an AP in a WLAN. This authentication can be through open key authentication or through shared key authentication techniques. A station can be authenticated with several APs at the same time, but associated with at most one AP at any time.
What happens during an Authentication Flood attack?
The association requests sent by the clients are maintained by the AP in an association table. IEEE specifies the maximum number of associations as 2007 concurrent associations. When this table overflows, the AP refuses to associate any further clients. To cause an Authentication Flood attack, the attacker authenticates several non-existent stations using legitimate-looking but randomly generated MAC addresses. The attacker then sends a flood of spoofed association requests, and may keep sending them, so that the association table overflows.
What should the administrators do?
WiFi Manager detects this form of DoS attack by tracking client authentication and association states. When the alarm is triggered, the AP and client under attack will be identified and reported. Enabling MAC filtering on the AP will prevent this attack by blocking the particular MAC from the APs.
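
The state-tracking idea described above can be sketched as follows. This is an added example, not WiFi Manager's own code: the record format `(ts, bssid, src_mac, kind)`, the 10-second window, the threshold of 50 stalled stations and all MAC addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

AP1, AP2 = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"  # constructed BSSIDs

def detect_auth_flood(frames, window_s=10.0, max_pending=50):
    """frames: (ts, bssid, src_mac, kind) tuples sorted by ts, where kind is
    'auth', 'assoc_req' or 'data'. Returns [(bssid, ts, stalled_count), ...].
    window_s and max_pending are assumed values to tune per site."""
    pending = defaultdict(deque)  # bssid -> (ts, mac) auth/assoc events in window
    active = defaultdict(set)     # bssid -> MACs that went on to send data
    alerting, alerts = set(), []
    for ts, bssid, mac, kind in frames:
        if kind == "data":
            active[bssid].add(mac)  # station completed the handshake and is in use
            continue
        q = pending[bssid]
        q.append((ts, mac))
        while q and q[0][0] < ts - window_s:
            q.popleft()             # drop events older than the window
        # Stations that authenticated/associated but never passed traffic.
        stalled = {m for _, m in q if m not in active[bssid]}
        if len(stalled) > max_pending:
            if bssid not in alerting:  # report once per episode
                alerting.add(bssid)
                alerts.append((bssid, ts, len(stalled)))
        else:
            alerting.discard(bssid)
    return alerts

def constructed_sample():
    """Constructed records, not captured traffic."""
    frames = []
    for i in range(5):    # five normal clients on AP1: auth, associate, send data
        mac, t = f"00:11:22:33:44:{i:02x}", i * 1.0
        frames += [(t, AP1, mac, "auth"), (t + 0.1, AP1, mac, "assoc_req"),
                   (t + 0.5, AP1, mac, "data")]
    for i in range(200):  # 200 never-active MACs reach AP2 within two seconds
        mac, t = f"02:00:00:00:00:{i:02x}", 20 + i * 0.01
        frames += [(t, AP2, mac, "auth"), (t + 0.001, AP2, mac, "assoc_req")]
    return sorted(frames)

if __name__ == "__main__":
    for bssid, ts, count in detect_auth_flood(constructed_sample()):
        print(f"ALERT {bssid} t={ts:.2f}s stalled_stations={count}")
```

The threshold here is set far below the 2007-association limit so that the alert fires before the table fills; a busy site with many legitimate roaming clients would need a higher value.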