Posted by: prathmeshg
Subject: detecting attackers using alert files
Date: 18:18:01 03/03/2012

> > Also, in the case of CHANCHANGE, APSPOOF and CRYPTODROP, how do we find out who has carried out the change in channel of the AP or removed the security key?
> You don't - it's an impersonation attack. The whole point is that the attacker is impersonating a legitimate AP. There is no way to tell who, because there IS no "who", there is only suspicious behavior.

OK, but what about the first part of the question: is it possible to detect the attacker (i.e. IP or MAC address) who is sending deauthentication packets for the deauthflood alert (ref.: the alert shown in the earlier part)?

