Kismet Status Alert "Suspicious client %s - probing ..." Clarification
I have been running Kismet and have been noticing an ongoing number of status alerts with the following message:
"Suspicious client %s - probing networks but never participating.",
Is this message indicative that there is another machine(s) running Kismet or some other Wi-Fi exploit software? The MAC address seems to be changing frequently, so I can't tell if it is one machine spoofing or multiple machines.
I am hoping to get some clarification on what this alert means and am curious if there is some sort of ongoing hack attempt/wifi monitoring in the area.
It's explained here:
15. Alerts and Intrusion Detection
Thank you for the link level-
Any idea why the MACs would be different? Is this alert usually a false positive or indicative of multiple scanners? Thanks!
It's probably a wireless card in ad-hoc mode, probing.
So this would obviously be a security risk to a WLAN; any suggestions on protocol on how to deal with this type of probing???
I didn't mean to imply it was probing your WLAN. It's just the way ad-hoc works; it's harmless. Probing, in this instance, refers to sending probe request and probe response frames.
It seems innocuous enough, but I would like to know the location of the probes. I could see in a corporate LAN setting this could be a rogue access point/workstation, as I don't think most network cards run in ad-hoc mode normally. I guess I will have to run gpsdrive or something similar to get the plotting; may be a subject for a later post.
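
Not part of the thread: an added sketch of the idea the alert text describes, flagging clients that send probe requests but never authenticate, associate or send data, run over constructed frame records. It is not Kismet's code; the record format, the `min_probes` threshold and the function names are assumptions. The locally-administered-bit check is included because a software-assigned MAC is one thing to look at when the address keeps changing.

```python
from collections import defaultdict

# Constructed sample records (not real captures): (time_s, source MAC, frame kind).
FRAMES = [
    (0, "00:11:22:33:44:55", "probe_req"),
    (1, "da:a1:19:00:00:01", "probe_req"),
    (2, "00:11:22:33:44:55", "assoc_req"),
    (3, "00:11:22:33:44:55", "data"),
    (5, "00:aa:bb:cc:dd:ee", "probe_req"),
    (7, "00:de:ad:be:ef:01", "probe_req"),
    (10, "da:a1:19:00:00:01", "probe_req"),
    (15, "00:aa:bb:cc:dd:ee", "probe_req"),
    (20, "da:a1:19:00:00:01", "probe_req"),
    (35, "00:aa:bb:cc:dd:ee", "probe_req"),
    (40, "da:a1:19:00:00:01", "probe_req"),
]

# Frame kinds that count as taking part in a network (assumed set).
PARTICIPATING = {"auth", "assoc_req", "data"}


def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (address assigned in software)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)


def probing_only_clients(frames, min_probes=3):
    """Return clients with >= min_probes probe requests and no participation."""
    probe_times = defaultdict(list)
    joined = set()
    for ts, mac, kind in frames:
        mac = mac.lower()
        if kind == "probe_req":
            probe_times[mac].append(ts)
        elif kind in PARTICIPATING:
            joined.add(mac)
    report = {}
    for mac, times in probe_times.items():
        if mac in joined or len(times) < min_probes:
            continue  # joined a network, or too few probes to judge
        report[mac] = {
            "probes": len(times),
            "span_s": max(times) - min(times),
            "locally_administered": is_locally_administered(mac),
        }
    return report


if __name__ == "__main__":
    for mac, info in probing_only_clients(FRAMES).items():
        print(mac, info)
```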