[unisog] Wireless IDS Options

Adam Brons abrons at peldor.occs.odu.edu
Fri May 27 12:36:25 GMT 2005


I believe Kismet is a perfect fit.  We've had it on our slate for
some time now to deploy kismet sensors throughout the campus and
have them report back to snort.  We've also trolled the logs looking
for signs of hacker activity and rogue access points.

We've used Kismet on a laptop and have done our own "war driving" on
campus looking for rogue access points with much success.  It writes
all log data in pcap format which makes it work with a number of
open source utilities (snort, ethereal, tcpdump, etc).

It's client/server based.  The only part that needs to run on the
sensor is the monitor code.  This allows you to have several devices
talk to one Master Kismet server and use remote clients to view
live/archived data.  As I mentioned  before, you can also have the
server feed directly into snort for IDS processing.

Hope this helps

-Adam

On Thu, May 26, 2005 at 05:24:06PM -0400, Dean De Beer wrote:
> From: "Dean De Beer" <ddb at plazacollege.edu>
> To: "'UNIversity Security Operations Group'" <unisog at lists.sans.org>
> Date: Thu, 26 May 2005 17:24:06 -0400
> Subject: [unisog] Wireless IDS Options
> 
> 
> Hi All,
> 
> I was wondering what solutions/products everyone is using to monitor
> wireless traffic? Currently we are not looking at the traffic until it
> arrives on the the switch the AP is connected to. We have snort sensors
> monitoring this traffic and are testing Radware's Defense Pro. We use
> Bluesocket's wireless gateways to manage logins via RADIUS, VLANS, etc...
> And have been looking at their intrusion prevention product Bluesecure as a
> solution for monitoring wireless traffic. It seems very similar to RFProtect
> but has the added advantage of easy intergration with the wireless gateway.
> Is anyone using open source products like Kismet at all?
> 
> 
> Cheers,
> 
> Dean
> 
> 
> Dean De Beer
> Manager, I.T
> Plaza College
> Jackson Heights, NY
> 
> 
> 
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


More information about the unisog mailing list