Kismet Wireless

Kismet Forums

 

Posted by: nixor
Subject: Kismet as an IDS to generate alerts
Date: 22:01:59 12/03/2013

> > > > I am working on a wireless network security project which needs an IDS, and I am currently trying to use Kismet as an IDS for L2 attacks.
> > > > Can someone please tell me how to generate the various alerts mentioned on the Kismet website? Right now I have only been able to perform the DEAUTHFLOOD alert with the help of the aireplay-ng software. Can someone please tell me which software to use or how to generate the other alerts?
> > >
> > > I wrote a paper for university on this topic (in Polish, unfortunately). I did some tests and I've got the following observations: BSSTIMESTAMP is generated when you run another AP working with the same BSSID. CRYPTODROP and CHANCHANGE are self-describing but are just warnings. The three mentioned may be useful in detecting a "rogue AP".
> > >
> > > I've found no way to detect a selective disconnect against a single client using aireplay-ng. I've managed to detect aireplay -9 (injection and reachability test) - the number of clients reported by Kismet grew rapidly. I know it may be a false positive, but it's better to know when such a thing happens than not, IMHO.
> > >
> > > I wrote some code - a simple Kismet client in Python focused on alerts - if you are interested.
> >
> > I'm very interested. I'm in my final year trying to implement an IDS (Kismet + Snort) as my senior project. Could you please send me the Kismet Python client at nik.csec@gmail.com? Thank you very much.
>
> You motivated me to put it online. Grab airwatch from here:
> https://code.google.com/p/ziherung-cache/downloads/list
> I hope you'll find it useful.

I'll be sure to look at it tomorrow, and will tell you ASAP how it goes. Could you please give me your email address? Thank you!!
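
A sketch of the alert-handling core of the kind of client discussed in this thread, added here as an example; it is not the airwatch code linked above and not Kismet's own code. It assumes the legacy Kismet text client protocol, where alerts arrive as `*ALERT:` sentences with space-separated fields and free text wrapped in `\x01`, and it assumes the field order shown in the comment. The sample lines are constructed.

```python
import re
from collections import Counter

# Assumed field order: what a client would request with
#   !1 ENABLE ALERT sec,usec,header,bssid,source,dest,other,channel,text
FIELDS = ["sec", "usec", "header", "bssid", "source", "dest", "other", "channel", "text"]
# Alert names come from the thread, which suggests these three for rogue-AP detection.
ROGUE_AP_HINTS = {"BSSTIMESTAMP", "CRYPTODROP", "CHANCHANGE"}
# A field is either \x01-wrapped free text (may contain spaces) or a bare word.
TOKEN = re.compile(r"\x01([^\x01]*)\x01|([^\s\x01]+)")

def split_fields(payload):
    """Tokenize a sentence body, keeping \\x01-delimited fields whole."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in TOKEN.finditer(payload)]

def parse_alert(line):
    """Return a dict for a well-formed *ALERT sentence, else None."""
    prefix = "*ALERT: "
    if not line.startswith(prefix):
        return None
    values = split_fields(line[len(prefix):].rstrip("\r\n"))
    if len(values) != len(FIELDS):          # truncated or unexpected field set
        return None
    alert = dict(zip(FIELDS, values))
    alert["rogue_ap_hint"] = alert["header"] in ROGUE_AP_HINTS
    return alert

def summarize(lines):
    """Count alerts by type and collect the ones worth a rogue-AP look."""
    alerts = [a for a in map(parse_alert, lines) if a]
    return Counter(a["header"] for a in alerts), [a for a in alerts if a["rogue_ap_hint"]]

# Constructed sample server output, not captured from a real sensor.
SAMPLE = [
    "*TIME: 1386108100",
    "*ALERT: 1386108119 120033 DEAUTHFLOOD 00:11:22:33:44:55 00:11:22:33:44:55 "
    "FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 6 \x01Deauth flood on 00:11:22:33:44:55\x01",
    "*ALERT: 1386108240 4410 BSSTIMESTAMP 00:11:22:33:44:55 00:11:22:33:44:55 "
    "FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 6 \x01Out-of-sequence BSS timestamp\x01",
    "*ALERT: 1386108300 77 CHANCHANGE",     # truncated line: rejected
]

if __name__ == "__main__":
    counts, hints = summarize(SAMPLE)
    print(dict(counts))
    for a in hints:
        print(a["sec"], a["header"], a["bssid"], a["text"])
```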

