Kismet Wireless

Kismet Forums


Posted by: frdy
Subject: Kismet as an IDS to generate alerts
Date: 17:28:36 20/03/2012

> I am working on a wireless network security project which needs an IDS, and I am currently trying to use Kismet as an IDS for L2 attacks.
> Can someone please tell me how to generate the various alerts mentioned on the Kismet website? Right now I have only been able to perform the DEAUTHFLOOD alert with the help of the aireplay-ng software. Can someone please tell me which software to use or how to generate the other alerts?

I wrote a paper for university on this topic (in Polish, unfortunately). I did some tests and I've got the following observations: BSSTIMESTAMP is generated when you run another AP working with the same BSSID. CRYPTODROP and CHANCHANGE are self-describing but are just warnings. The three mentioned may be useful in detecting a "rogue AP".

I've found no way to detect a selective disconnect against a single client using aireplay-ng. I've managed to detect aireplay -9 (injection and reachability test) - the number of clients reported by Kismet grew rapidly. I know it may be a false positive, but it's better to know when such a thing happens than not, IMHO.

I wrote some code - a simple Kismet client in Python focused on alerts, if you are interested.
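An added example, not part of the original post and not the poster's client: a triage pass over alert lines that flags a BSSID when two different rogue-AP hints named above arrive close together, plus a check for the rapid client-count growth described for the injection test. The `*ALERT:` line shape and field order, the time windows, the thresholds and the two-distinct-hints policy are all assumptions of this example.

```python
from collections import defaultdict
# Alert names the post ties to a possible rogue AP.
ROGUE_AP_HINTS = {"BSSTIMESTAMP", "CRYPTODROP", "CHANCHANGE"}

# Constructed sample lines, not captured from a real server. Assumed field
# order: sec header bssid text, with the text field wrapped in \x01.
SAMPLE = [
    "*ALERT: 1332264000 DEAUTHFLOOD 00:11:22:33:44:55 \x01constructed text\x01",
    "*ALERT: 1332264010 BSSTIMESTAMP 00:11:22:33:44:55 \x01constructed text\x01",
    "*ALERT: 1332264050 CHANCHANGE 00:11:22:33:44:55 \x01constructed text\x01",
    "*ALERT: 1332264060 CRYPTODROP AA:BB:CC:DD:EE:FF \x01constructed text\x01",
    "*TIME: 1332264061",
    "*ALERT: 1332265000 CHANCHANGE aa:bb:cc:dd:ee:ff \x01constructed text\x01",
]

def parse_alert(line):
    """Return a dict for one *ALERT line, or None for any other line."""
    head, _, rest = line.partition("\x01")
    parts = head.split()
    if len(parts) != 4 or parts[0] != "*ALERT:" or not parts[1].isdigit():
        return None
    return {"sec": int(parts[1]), "header": parts[2],
            "bssid": parts[3].lower(), "text": rest.split("\x01")[0]}

def rogue_ap_candidates(lines, window=300, min_kinds=2):
    """BSSIDs raising >= min_kinds distinct hint alerts within window seconds."""
    seen = defaultdict(list)
    for alert in filter(None, map(parse_alert, lines)):
        if alert["header"] in ROGUE_AP_HINTS:
            seen[alert["bssid"]].append((alert["sec"], alert["header"]))
    found = {}
    for bssid, events in seen.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            kinds = {h for t, h in events[i:] if t - start <= window}
            if len(kinds) >= min_kinds:
                found[bssid] = sorted(kinds)
                break
    return found

def client_spike(first_seen, window=10, threshold=20):
    """True if more than threshold new clients appear within window seconds."""
    times, lo = sorted(first_seen), 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:
            lo += 1
        if hi - lo + 1 > threshold:
            return True
    return False
```

`rogue_ap_candidates(SAMPLE)` reports only the first BSSID: the second one raised two hints as well, but 940 seconds apart, outside the assumed 300-second window.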
