Kismet Wireless

Kismet Forums

 

Posted by:prathmeshg
Subject:detecting attackers using alert files
Date:13:57:47 03/03/2012

I need to detect the attacker (i.e. either the attacker's IP address or MAC address) through the alert file so that i could be able to stop it from harming the wireless network, for my project.
I have been able to generate the following alert file:

Mon Jan 23 18:26:15 2012 BCASTDISCON 0 11:22:33:44:55:66 11:22:33:44:55:66 FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 Network BSSID 11:22:33:44:55:66 broadcast deauthenticate / disassociation of all clients, possible DoS

here 11:22:33:44:55:66 is the Access points MAC address. So can some one pls tell me how to find out who carried out the deauthentication attack using aireplay-ng to produce the above alert?

Also in case of CHANCHANGE, APSPOOF and CRYPTODROP how do we find out who has carried out the change in channel of AP or remove the Security key?
Pls help asap


Reply to this message