Kismet Wireless

Kismet Forums

 

Posted by: nixor
Subject: Kismet as an IDS to generate alerts
Date: 12:10:17 10/03/2013

> > > > > > > I am working on a wireless network security project which needs an IDS, and I am currently trying to use Kismet as an IDS for L2 attacks.
> > > > > > > Can someone please tell me how to generate the various alerts mentioned on the Kismet website? Right now I have only been able to perform the DEAUTHFLOOD alert with the help of the aireplay-ng software. Can someone please tell me which software to use or how to generate the other alerts?
> > > > > >
> > > > > > Lorcon, aircrack, karma, metasploit, reaver will generally generate what you need (as they are the tools the IDS stuff is generally written to detect). The readme lists specific attacks where possible.
> > > > >
> > > > > Thanks for the help. Can you please tell me if it is possible to combine Kismet with Snort (not snort-wireless), and does it require a lot of time to learn and set up Snort to generate alerts by writing rules?
> > > >
> > > > Maybe? I don't use snort. If you can pull in syslog entries, then, yes. I don't know how one writes rules for that.
> > >
> > > I am working on a practical on Kismet and Snort integration that is in the acceptance stage now. I can send it to you via email if you wish. Alternatively, there is a document located at http://www.symmetrixtech.com/articles/014-snortinstallguide292.pdf
> > > you can follow, and all you have to do is change the monitoring interface from eth0 to Kismet's virtual interface (kistap0).
> >
> > It would be great if you could mail me about your work (my email id: ppsg1990@gmail.com). Have you carried out all the attacks on Kismet which generate alerts (the alerts mentioned in the README file)? If you have, can you please tell me how to carry out those attacks, or at least a site which would help me do it?
> >
> > And finally, does Snort (after writing all the rules) detect the various attacks, and does it generate alerts?
>
> Email has been sent.

I'm implementing a similar project for my final year at the University.
I've been reading your paper remote-access-point/IDS on the SANS Reading Room, and I have to say that it helped me to be able to run Kismet via my router, a TL-WDR4300.

1. Could you please send me those files/programs/configs as well?

2. If it's not too much, I'd appreciate your update and professional insight on where we are at on the topic (OpenSource IDS implementation + Kismet/Snort) as of now (2013).

My email is: nik.csec@gmail.com

Thank you very much.
