IDS mailing list archives
Re: wlan ids
From: pbsarnac () ThoughtWorks com
Date: Thu, 24 Oct 2002 09:40:18 -0500
I think you're missing the point of wireless IDS. You don't actually need to detect IP-based attacks... that's what conventional NIDS do. Just throw a sensor off the back of your WLAN choke-point and be done with it. (You're not actually connecting a bunch of access points directly to your LAN, are you? Wireless access points should be on their own network firewalled off from the internal LAN, which conveniently provides a place to look for standard network attacks.) What wireless IDS actually does is look for attacks directly against your wireless network such as MAC spoofing, forged 802.11 management frames, wireless DOS, man-in-the-middle, rogue access points, etc. In this case, WEP doesn't matter, because these attacks take place against unencrypted 802.11 headers and management frames. I had a chance to talk with the AirDefense guys at Defcon, and they fired up a demo for me in the main conference room. The number and types of attacks that were picked up was definitely impressive. If you're concerned about the types of attacks mentioned above, they I would certainly recommend the product. If, on the other hand, you're concerned about a wardriver launching attacks against your intranet servers, then you should really look at standard NIDS. Since the NIDS will hang of the back of your wireless network, you won't have to worry about WEP... the access points will have already decrypted the traffic for you. You can see Robert Baird and Michael Lynn's Black Hat presentation here. It mentions some of the attacks possible against 802.11 networks and mentions countermeasures (including the use of AirDefense, of course.) http://www.blackhat.com/html/bh-usa-02/bh-usa-02-speakers.html#Baird ----- Original Message ----- From: "cyclon jet" <cyclonjet () hotmail com> To: <focus-ids () securityfocus com> Sent: Tuesday, October 22, 2002 8:21 AM Subject: wlan ids
Hi, Will wireless ids actually help in protecting WLAN if encryption is
already
on? Has anyone come across airdefense? Any feedback about their wireless ids? Regards, cj _________________________________________________________________ Unlimited Internet access for only $21.95/month. Try MSN! http://resourcecenter.msn.com/access/plans/2monthsfree.asp
Current thread:
- wlan ids cyclon jet (Oct 22)
- Re: wlan ids Jérôme Tytgat (Oct 23)
- Re: wlan ids Frank Knobbe (Oct 24)
- <Possible follow-ups>
- RE: wlan ids Alan Shimel (Oct 22)
- Re: wlan ids pbsarnac (Oct 24)
- Re: wlan ids Jérôme Tytgat (Oct 23)