Kismet Wireless

Kismet Forums

 

Posted by: frdy
Subject: Kismet as an IDS to generate alerts
Date: 20:24:11 12/03/2013

> > > I am working on a wireless network security project which needs an IDS, and I am currently trying to use Kismet as an IDS for L2 attacks.
> > > Can someone please tell me how to generate the various alerts mentioned on the Kismet website? Right now I have only been able to perform the DEAUTHFLOOD alert with the help of the aireplay-ng software. Can someone please tell me which software to use or how to generate the other alerts?
> >
> > I wrote a paper for university on this topic (in Polish, unfortunately). I did some tests and I've got the following observations: BSSTIMESTAMP is generated when you run another AP working with the same BSSID. CRYPTODROP and CHANCHANGE are self-describing but are just warnings. Those three mentioned may be useful in detecting a "rogue AP".
> >
> > I've found no way to detect a selective disconnect against a single client using aireplay-ng. I've managed to detect aireplay -9 (injection and reachability test) - the number of clients reported by Kismet grew rapidly. I know it may be a false positive, but it's better to know when such a thing happens than not, IMHO.
> >
> > I wrote some code - a simple Kismet client in Python focused on alerts - if you are interested.
>
> I'm very interested. I'm in my final year, trying to implement an IDS (Kismet + Snort) as my senior project. Could you please send me the Kismet Python client at nik.csec@gmail.com? Thank you very much.

You motivated me to put it online. Grab airwatch from here:
https://code.google.com/p/ziherung-cache/downloads/list
I hope you'll find it useful.
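
An added example, not part of the original post and not airwatch's code: a minimal parser and triage for alert sentences as a Kismet client focused on alerts would receive them. It assumes the legacy Kismet text protocol (`*ALERT:` sentences, free-text fields wrapped in `\x01`) and the field order shown; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed field order, as a client would request it with "ENABLE ALERT <fields>".
ALERT_FIELDS = ["sec", "usec", "header", "bssid", "source",
                "dest", "other", "channel", "text"]
# Alert types the thread associates with a possible rogue AP.
ROGUE_AP_HINTS = {"BSSTIMESTAMP", "CRYPTODROP", "CHANCHANGE"}
# A field is either \x01-delimited free text (may contain spaces) or a bare token.
_TOKEN = re.compile(r"\x01([^\x01]*)\x01|([^\s\x01]+)")

def parse_alert(line):
    """Parse one '*ALERT:' sentence into a dict; return None for other sentences."""
    line = line.strip()
    if not line.startswith("*ALERT:"):
        return None
    tokens = [m.group(1) if m.group(1) is not None else m.group(2)
              for m in _TOKEN.finditer(line[len("*ALERT:"):])]
    if len(tokens) != len(ALERT_FIELDS):
        raise ValueError("unexpected field count in alert: %r" % line)
    alert = dict(zip(ALERT_FIELDS, tokens))
    alert["sec"], alert["usec"] = int(alert["sec"]), int(alert["usec"])
    return alert

def triage(lines):
    """Count alerts per type and collect rogue-AP hints per BSSID."""
    counts, rogue = Counter(), {}
    for line in lines:
        alert = parse_alert(line)
        if alert is None:
            continue
        counts[alert["header"]] += 1
        if alert["header"] in ROGUE_AP_HINTS:
            rogue.setdefault(alert["bssid"], set()).add(alert["header"])
    return counts, rogue

# Constructed sample input (addresses and alert text are made up).
SAMPLE = [
    "*TIME: 1386098651",
    "*ALERT: 1386098652 120034 BSSTIMESTAMP 00:11:22:33:44:55 00:11:22:33:44:55 FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 6 \x01constructed: BSS timestamp out of sequence\x01",
    "*ALERT: 1386098660 5 DEAUTHFLOOD 66:77:88:99:AA:BB 66:77:88:99:AA:BB FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 11 \x01constructed: deauth flood\x01",
    "*ALERT: 1386098671 900 CHANCHANGE 00:11:22:33:44:55 00:11:22:33:44:55 FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 1 \x01constructed: channel changed from 6 to 1\x01",
]

if __name__ == "__main__":
    counts, rogue = triage(SAMPLE)
    print(dict(counts), rogue)
```

A BSSID that collects more than one of the three hint types, as `00:11:22:33:44:55` does in the sample, is a stronger candidate for a rogue-AP check than one with a single warning.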

