Wireless IDS ?

[prowl3r]

An interesting paper on the subject has been brought to my attention. You may find it here

A Scalable Wireless Intrusion Detection System

Snort-wireless doesn't seem to progress at all and I could not find a reasonable alternative.

Are you guys aware of any open-source, free, linux based Wireless-IDS project ?

[imported_wyze]

I talked to renderman @ shmoocon this year about building one, not sure if he has made any progress but it seems doable.

[lupin]

Kismet includes wireless IDS functionality - see the "12. Alerts & IDS" section of the readme

[prowl3r]

Thank you lupin, you are right

I saw a paper on how to build a wireless IDS using kismet + linksys router running openwrt at sans:

http://www.sans.org/reading_room/whi..._openwrt_33103

Also kismet + snort seem to get the job done.

I got the impression that kismet is able to raise alarms but it needs another application to process and manage them. I might be wrong here. Further analysis is needed.

What I'm looking for is a snort-like wireless IDS.


wyze,

should you hear about it, please let me know. Interesting stuff as we do know how to secure it but we can't really tell someone is knocking the door.

[lupin]

I got the impression that kismet is able to raise alarms but it needs another application to process and manage them. I might be wrong here. Further analysis is needed.

Think you are probably right there, although I will say that my opinion on that is based solely on my experiences running Kismet at home to confirm that my AP was running correctly, and then having it beep noisily at me several times when it detected what it though were attacks. (I think it was actually just my iPhone doing something stupid with its wireless connection).

Assuming that your idea of good IDS alerting isnt noisy beeping, you'd probably need some other app to watch the Kismet log and do something useful when it detected certain entries.