Posted by: dragorn
Subject: IDS Alert "Problem"
Date: 01:13:05 05/04/2010

> Hello,
> I'm trying to get Kismet to generate an alert. I have attempted to do this by enabling "Probenojoin" and just waiting for some false positives to pop up, no luck so far!

That is a behavior-based, not signature-based, alert, so there's no promise it will trigger.

> I have also attacked my own "Server" (VMWare'd ubuntu server) & my workstation with Disassociation packets using Aireplay, sent around 100. This also failed to produce an alert. Is there something I have missed, such as a command to enable the Alerts?

If you're messing with channel hopping, etc, you may be missing. You also may not be injecting properly. I'm not sure what you're doing with the vm session - if it's not a wireless client disassoc doesn't mean much.

> I think I may be enabling the monitor mode on my wireless card incorrectly, I have enabled it using "airmon-ng start wlan0". This creates "mon0", which I am using to capture packets. Everything appears to be functioning correctly however.

You shouldn't be mixing aircrack and kismet stuff - kismet makes the interface the way it needs by itself. It's LIKELY airmon-ng sets it up the same way, but you shouldn't count on it, and there is no reason to be setting up interfaces manually outside of kismet if you want kismet to control them.

> Thanks in Advance
> Chris

