IDS mailing list archives
Re: WLAN IDS
From: "planz" <planz235 () hotmail com>
Date: Tue, 11 Feb 2003 12:56:39 +0800
WLAN IDS is a Layer 2 thing. At a maximum you can monitor MAC addresses and DHCP and ARP requests. (AirSnare). If you look at application layer, The packet data is encrypted using WEP key. Therefore, IDS need to decrypt these packets at wire-speed to analyse, which is a distant dream. Let's wait for 802.1i, for more robust security... ----- Original Message ----- From: "Will Schmied" <dontpanic () cox net> To: <focus-ids () securityfocus com> Sent: Sunday, February 09, 2003 10:29 AM Subject: WLAN IDS
Has anyone got any thoughts about the various WLAN IDS approaches out there? Good, bad, other? I'm really just collecting general information here... Thanks, Will
Current thread:
- WLAN IDS Will Schmied (Feb 10)
- Re: WLAN IDS planz (Feb 11)
- RE: WLAN IDS Rob Shein (Feb 12)
- Re: WLAN IDS planz (Feb 18)
- RE: WLAN IDS Citadel Consulting (Feb 20)
- RE: WLAN IDS Citadel Consulting (Feb 20)
- RE: WLAN IDS Rob Shein (Feb 12)
- Re: WLAN IDS planz (Feb 11)