Kismet Wireless

Kismet Forums


Posted by:frdy
Subject:No BSSTIMESTAMP alert on timestamp reset
Date:19:12:14 02/01/2012

> > > I do some tests with kismet as IDS and I've observed strange behaviour of BSSTIMESTAMP alert.
> > > First, let's give some more info:
> > >
> > > kismet_server -v: Kismet 2011-03-R2
> > >
> > > in kismet.conf there is:
> > > alert=BSSTIMESTAMP,5/min,1/sec
> > > so I suppose it's enabled, am I right here ?
> > >
> >
> > bsstimestamp was one of those things that never really worked as well as I'd hoped. It's more or less useless- too many perfectly valid APs can't be counted on to monotonically increase reliably; it either doesn't alert or throws floods of spurious false alerts.
> Oh, also, if I recall, it detects on a flapping timestamp with some significant delta; an AP rebooting will not trigger it, since that's a single change and then increasing.

Exactly, finally alert was generated when I started another AP ( must advertise the same BSSID on same channel )

Reply to this message