[RELiC]

Quote

GA Tech: Wireless Intrusion Detection and Response

Abstract
A prototype implementation of a wireless intrusion detection and active response system is described. An off the shelf wireless access point was modified by downloading a new Linux operating system with non-standard wireless access point functionality in order to implement a wireless intrusion detection system that has the ability to actively respond to identified threats. An overview of the characteristics and functionality required in a wireless intrusion detection system is presented along with a review and comparison of existing wireless intrusion detection systems and functionalities. Implemented functionality and capabilities of our prototyped system are presented along with conclusions as to what is necessary to implement a more desirable and capable wireless intrusion detection system.

http://users.ece.gatech.edu/~owen/Research/Conference%20Publications/wireless_IAW2003.pdf

../

../

Attached File(s)

•  wireless_IAW2003.pdf (259.95K)
  Number of downloads: 90

[billkennedy32]

didnt check out the link but just thinking about IDS for WLAN's, one could simply have his or her own dhcp server with trigger code. Once to many IP's are out on the WLAN pen test's, scanns alarms go off and trace the last node that got the IP.

easy az pie

[packet]

Cool stuff,

other tools I use to make sure unknown APs and other machines get detected on my network is with arpwatch letting me know each new MAC on the network. I use 802.1X or MAC based authentication to actually prevent any new device coming on that hasn't been approved.

So while detecting anything new in the airwaves is cool, I tend to like the old fashioned approach of authenticated VLANs and preventing any unauthorized devices from even touching the network.

--P>G>>

[Imps2]

Thnx for sharing that's a real nice paper


Greetz Imps2

[Spookie]

Heres something that might be of interest . Simple yet does a pretty fair job.

AirSnare

Should accomplish some of what your looking to do.

[twistedps]

AirDefense is a good product that my company resells. i havent had muchtime to look into it, but ive heard a lot of good things from the engineers here about it.

[Spookie]

I've had the chance to attend a few AirDefense demos and like you I think it's a pretty good product. Pretty pricey if I recall correctly.

Sonicwall also has The SOHO TZW which might be of interest to those that are looking for something within a limited budget.

AirSnare is also pretty neat for the average home user.

Heres another link board members may find of interest concerning wireless
Wireless Intrusion Detection Systems - Talisker

Usually AirDefense is out at the gatherings and have a few or there toys setup. At one of the DefCons they setup shop and kept a tally of various attacks they recorded. AirDefense Discovers New Threats to Wireless LANs at Hacker Conference