Thread: Wireless IDS ?

  1. #1
    prowl3r
    Guest

    Wireless IDS ?

    An interesting paper on the subject has been brought to my attention. You may find it here

    A Scalable Wireless Intrusion Detection System

    Snort-wireless doesn't seem to progress at all and I could not find a reasonable alternative.

    Are you guys aware of any open-source, free, Linux-based wireless IDS project?

  2. #2
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    I talked to renderman @ shmoocon this year about building one, not sure if he has made any progress but it seems doable.
    dd if=/dev/swc666 of=/dev/wyze

  3. #3
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Kismet includes wireless IDS functionality - see the "12. Alerts & IDS" section of the readme
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  4. #4
    prowl3r
    Guest

    Thank you lupin, you are right

    I saw a paper at SANS on how to build a wireless IDS using Kismet + a Linksys router running OpenWrt:

    http://www.sans.org/reading_room/whi..._openwrt_33103

    Also Kismet + Snort seem to get the job done.

    I got the impression that Kismet is able to raise alarms but it needs another application to process and manage them. I might be wrong here. Further analysis is needed.

    What I'm looking for is a Snort-like wireless IDS.


    wyze,

    should you hear about it, please let me know. Interesting stuff, as we do know how to secure it but we can't really tell when someone is knocking on the door.

  5. #5
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Originally posted by prowl3r:
    "I got the impression that kismet is able to raise alarms but it needs another application to process and manage them. I might be wrong here. Further analysis is needed."

    Think you are probably right there, although I will say that my opinion on that is based solely on my experiences running Kismet at home to confirm that my AP was running correctly, and then having it beep noisily at me several times when it detected what it thought were attacks. (I think it was actually just my iPhone doing something stupid with its wireless connection).

    Assuming that your idea of good IDS alerting isn't noisy beeping, you'd probably need some other app to watch the Kismet log and do something useful when it detected certain entries.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
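
The "some other app to watch the Kismet log" idea from post #5, sketched as an added example that is not part of the thread and not Kismet's own code: it parses alert lines, drops repeats of the same alert from the same source inside a quiet window (the noisy-phone case), and tags what is left with a severity. The line layout, the severity mapping and the ten-minute window are assumptions; the alert type names are ones Kismet uses.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in an ASSUMED layout "<ISO time> <ALERT_TYPE> <source MAC> <text>".
# This is not Kismet's real alert log format; adapt LINE_RE to what your version writes.
SAMPLE_LOG = """\
2010-03-01T20:15:02 PROBENOJOIN 00:11:22:33:44:55 client probing but never joining
2010-03-01T20:15:09 PROBENOJOIN 00:11:22:33:44:55 client probing but never joining
2010-03-01T20:15:40 DEAUTHFLOOD 66:77:88:99:AA:BB deauth flood against an AP
this line is garbage and must be skipped
2010-03-01T20:31:00 PROBENOJOIN 00:11:22:33:44:55 client probing but never joining
"""

LINE_RE = re.compile(r"^(\S+) ([A-Z]+) ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}) (.+)$")
# Assumed triage policy: alert types that should page someone; the rest are "low".
SEVERITY = {"DEAUTHFLOOD": "high", "BCASTDISCON": "high", "APSPOOF": "high"}
QUIET = timedelta(minutes=10)  # assumed suppression window for repeats

def parse(line):
    """Return a dict for a well-formed alert line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, kind, mac, text = m.groups()
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    return {"time": when, "type": kind, "source": mac.lower(), "text": text}

def triage(lines, quiet=QUIET):
    """Forward an alert only if the same (type, source) has been silent for `quiet`."""
    last_seen, forwarded = {}, []
    for line in lines:
        alert = parse(line)
        if alert is None:
            continue
        key = (alert["type"], alert["source"])
        prev = last_seen.get(key)
        last_seen[key] = alert["time"]  # sliding window: every repeat resets the timer
        if prev is not None and alert["time"] - prev < quiet:
            continue
        alert["severity"] = SEVERITY.get(alert["type"], "low")
        forwarded.append(alert)
    return forwarded

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG.splitlines()):
        print(a["time"].isoformat(), a["severity"].upper(), a["type"], a["source"], a["text"])
```

In place of `print`, the forwarded alerts can go to syslog or e-mail, and `triage` can be fed from a file that is being followed rather than from the embedded sample.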
