Kismet Wireless

Kismet Forums


Posted by:dragorn
Subject:No BSSTIMESTAMP alert on timestamp reset
Date:14:38:58 28/12/2011

> > I do some tests with kismet as IDS and I've observed strange behaviour of BSSTIMESTAMP alert.
> > First, let's give some more info:
> >
> > kismet_server -v: Kismet 2011-03-R2
> >
> > in kismet.conf there is:
> > alert=BSSTIMESTAMP,5/min,1/sec
> > so I suppose it's enabled, am I right here ?
> >
> bsstimestamp was one of those things that never really worked as well as I'd hoped. It's more or less useless- too many perfectly valid APs can't be counted on to monotonically increase reliably; it either doesn't alert or throws floods of spurious false alerts.

Oh, also, if I recall, it detects on a flapping timestamp with some significant delta; an AP rebooting will not trigger it, since that's a single change and then increasing.

Reply to this message