every AP has a log. You can see there... or get a better one (such as Linksys G54) and put openwrt or ddwrt on it... you'll have much better logging capabilities. If you're really paranoid, use pfsense on some more powerful device..
AP Security
I will increase my security after what I have found out but is there any way to establish if your AP has been or is getting attacked?
every AP has a log. You can see there... or get a better one (such as Linksys G54) and put openwrt or ddwrt on it... you'll have much better logging capabilities. If you're really paranoid, use pfsense on some more powerful device..
I might be wrong however its my understanding that its nearly impossible to detect passive sniffing / attacks
If the attacker startes deauthing and injecting packet you can pick them up with airodump-ng or even kismet ... but that would require you dedicating a wlan card just for scanning
Depending on the security of your AP i would be more concerned with jamming than a actual attack
then again im a complete n00b so disregard this i suck c*cks
Thank you for the help
static-eratic is right in saying that its nearly impossible to detect passive attacks. There needs to be some attempt to communicate to your AP before you are going to be able to "detect" something is wrong using commonly available equipment.
If you're really interested in detecting wireless attacks, Kismet features a wireless IDS (Intrusion Detection System) which can detect a number of different patterns that may indicate a wireless attack. It can see things such as :
- Netstumbler probe requests
- Channel change
- Deauthentication flood
- Broadcast dissassociate or deauthenticate
- probe-no-join
More in section 15 of the Kismet documentation:
http://www.kismetwireless.net/documentation.shtml
Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".
The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
Posting Permissions