Slashdot Mirror

← Back to Stories (view on slashdot.org)

Detecting 802.11 Discovery Apps

Posted by Hemos on from the looking-at-the-backdoor dept.

Joshua Wright writes "I have written a white paper on detecting 802.11 Wireless LAN Network Discovery applications. Wireless LAN discovery through the use of applications such as NetStumbler, DStumbler, Wellenreiter and others is an increasingly popular technique for network penetration. The discovery of a wireless LAN might be used for seemingly innocuous Internet access, or to be used as a "backdoor" into a network to stage an attack. This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications, focusing on the MAC and LLC layers. This fingerprint information can then be incorporated into intrusion detection tools capable of analyzing data-link layer traffic. "

1 of 165 comments (clear)

  1. Ok, so you've detected an intrusion... by lorcha · · Score: 5, Insightful
    ... now what? No, seriously, what do you do once you've detected unauthorized access short of looking out your window for a guy with a Pringles can?

    Normally, when you detect an intrusion, you have an IP address, you find its owner, and then try to determine who was using that address at the time of detection, and hopefully prosecute. It just seems to me that with 802.11, your best bet is to secure the thing rather than trying to figure out whose PDA inside a backpack is polling your network.

    --
    "Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent