As discussed in the context of wifi IPS, a sophisticated attacker can circumvent the ingress filtering defense by violating the 802.11 protocol to transmit frames directly to the victim. The AP can detect this by monitoring for transmissions that it did not send. However, it cannot detect the whisper attack discussed earlier, where the attacker tunes the wifi radio power so that the spoofed packets can reach the victim, but cannot reach the AP (or external detection device).
When filtering fails, the next best option is to detect and forcibly abort the attack. We pursue this direction in the next section.