Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection

["Joshua Wright" <Joshua.Wright () jwu edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have recently completed a white paper reviewing some of the tactics
used in 802.11 wireless LAN discovery applications including
NetStumbler, DStumbler and Wellenreiter.

Abstract:

Wireless LAN discovery through the use of applications such as
NetStumbler, DStumbler, Wellenreiter and others is an increasingly
popular technique for network penetration. The discovery of a
wireless LAN might be used for seemingly innocuous Internet access,
or to be used as a "backdoor" into a network to stage an attack. This
paper reviews some of the tactics used in wireless LAN network
discovery and attempts to identify some of the fingerprints left by
wireless LAN discovery applications, focusing on the MAC and LLC
layers. This fingerprint information can then be incorporated into
intrusion detection tools capable of analyzing data-link layer
traffic.

http://home.jwu.edu/jwright/papers/l2-wlan-ids.pdf


Please reply with comments off-list and I will post a summary (good
or bad, honestly :).

- -Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright () jwu edu 
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPc+zoI/i/ArUS0pzEQK5+ACgy2m9uA72bGjZlNKo7bw7jmHA+LsAoPxW
r1mA8dNgGvD3kZd0Cu3rbmI1
=DUpM
-----END PGP SIGNATURE-----