OpenBSD Journal

Detecting 802.11 Discovery Apps

Contributed by jose on from the yes,-again-with-the-copycat dept.

Walter writes:
"This might be of use to wireless aficionados, from Slashdot:

Joshua Wright writes "I have written a white paper on detecting 802.11 Wireless LAN Network Discovery applications. Wireless LAN discovery through the use of applications such as NetStumbler, DStumbler, Wellenreiter and others is an increasingly popular technique for network penetration. The discovery of a wireless LAN might be used for seemingly innocuous Internet access, or to be used as a "backdoor" into a network to stage an attack. This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications, focusing on the MAC and LLC layers. This fingerprint information can then be incorporated into intrusion detection tools capable of analyzing data-link layer traffic."

This looks rather interesting, and the focus on layer 2 as opposed to assuming layer 3 use looks of note, as well. Admins of wireless networks will want to incorporate some of this into their IDS monitoring.


Comments
  1. By Brian Caswell bmc@snort.org on http://www.snort.org

    Someone has already started work on this. Unfortunately, the author has used the Linux wlan-ng features instead of using the libpcap headers. widz

    -brian
