[unisog] Wireless IDS Options

Dean De Beer ddb at plazacollege.edu
Fri May 27 15:10:25 GMT 2005

Thanks Adam,

We have been using Kismet here as well and it's been very effective. We have
started to look at deploying sensors around campus too but were curious as
how successful others had been at rolling it out and what hardware they were
using for the sensors?


-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Adam Brons
Sent: Friday, May 27, 2005 8:36 AM
To: unisog at lists.sans.org
Subject: Re: [unisog] Wireless IDS Options

I believe Kismet is a perfect fit.  We've had it on our slate for some time
now to deploy kismet sensors throughout the campus and have them report back
to snort.  We've also trolled the logs looking for signs of hacker activity
and rogue access points.

We've used Kismet on a laptop and have done our own "war driving" on campus
looking for rogue access points with much success.  It writes all log data
in pcap format which makes it work with a number of open source utilities
(snort, ethereal, tcpdump, etc).

It's client/server based.  The only part that needs to run on the sensor is
the monitor code.  This allows you to have several devices talk to one
Master Kismet server and use remote clients to view live/archived data.  As
I mentioned  before, you can also have the server feed directly into snort
for IDS processing.

Hope this helps


On Thu, May 26, 2005 at 05:24:06PM -0400, Dean De Beer wrote:
> From: "Dean De Beer" <ddb at plazacollege.edu>
> To: "'UNIversity Security Operations Group'" <unisog at lists.sans.org>
> Date: Thu, 26 May 2005 17:24:06 -0400
> Subject: [unisog] Wireless IDS Options
> Hi All,
> I was wondering what solutions/products everyone is using to monitor 
> wireless traffic? Currently we are not looking at the traffic until it 
> arrives on the the switch the AP is connected to. We have snort 
> sensors monitoring this traffic and are testing Radware's Defense Pro. 
> We use Bluesocket's wireless gateways to manage logins via RADIUS, 
> VLANS, etc... And have been looking at their intrusion prevention 
> product Bluesecure as a solution for monitoring wireless traffic. It 
> seems very similar to RFProtect but has the added advantage of easy 
> intergration with the wireless gateway. Is anyone using open source 
> products like Kismet at all?
> Cheers,
> Dean
> Dean De Beer
> Manager, I.T
> Plaza College
> Jackson Heights, NY
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
unisog mailing list
unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog

More information about the unisog mailing list