SYWorks / wireless-ids

Ability to detect suspicious activity such as (WEP/WPA/WPS) attack by sniffing the air for wireless packets.
https://www.facebook.com/media/set/?set=a.767725556588881.1073741830.281645261863582
GNU General Public License v2.0

wIDS doesn't detect RogueAP #5

Open danielhnmoreno opened 9 years ago

danielhnmoreno commented 9 years ago

Hey SyWorks, your wIDS is wonderful! But I got an error!

The tool doesn't detect Rogue AP

For example: If I have ONE ACCESS POINT and RogueAP (OPN) connected over ethernet in this network, the tool doesn't give me any WARNING!

Can you re-write your tool to detect RogueAP?

I'm sending you a PIC for more details, ok?

http://danielmoreno.orgfree.com/123.jpg

Thank you very much

SYWorks commented 9 years ago

The error that you mentioned is not an error at all. There is no way the "RogueAP" that you set up can be detected as a rogue AP, as it is basically an open network with malicious intent. WIDS sniffs the traffic in general and is not like an internal IDS for your own internal network. The rogue APs that WIDS can detect are a) rogue APs that impersonate the AP name that was probed by devices (like Pineapple) b) APs with a similar name as a possible indication of a rogue AP (in WAIDPS only).
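The two detectable cases named in the reply above, sketched as an added example that is not part of the thread and is not wIDS or WAIDPS code. The frame tuples, the `KNOWN` allow-list, the thresholds and both function names are assumptions made for illustration, and the sample frames are constructed.

```python
from collections import defaultdict
from difflib import SequenceMatcher

# Constructed sample frames (frame_type, bssid, ssid); not captured traffic.
FRAMES = [
    ("beacon",     "00:11:22:33:44:55", "CorpWiFi"),     # the known AP
    ("probe_resp", "02:aa:bb:cc:dd:ee", "HomeNet"),      # one radio answering
    ("probe_resp", "02:aa:bb:cc:dd:ee", "CoffeeShop"),   # probes for many
    ("probe_resp", "02:aa:bb:cc:dd:ee", "AirportFree"),  # unrelated SSIDs
    ("probe_resp", "02:aa:bb:cc:dd:ee", "CorpWiFi"),
    ("beacon",     "06:de:ad:be:ef:01", "CorpWifi"),     # look-alike name
    ("beacon",     "0a:0b:0c:0d:0e:0f", "Guest"),        # open AP, unrelated name
]
KNOWN = {"CorpWiFi": {"00:11:22:33:44:55"}}  # assumed allow-list: SSID -> BSSIDs

def multi_ssid_responders(frames, max_ssids=2):
    """Case (a): BSSIDs that answer probes for more than max_ssids SSIDs."""
    seen = defaultdict(set)
    for ftype, bssid, ssid in frames:
        if ftype == "probe_resp":
            seen[bssid].add(ssid)
    return {b: sorted(s) for b, s in seen.items() if len(s) > max_ssids}

def lookalike_ssids(frames, known, min_ratio=0.85):
    """Case (b): SSIDs equal or similar to a known SSID, from an unlisted BSSID."""
    hits = set()
    for _, bssid, ssid in frames:
        for k_ssid, k_bssids in known.items():
            if bssid in k_bssids:
                continue  # the legitimate AP itself
            ratio = SequenceMatcher(None, ssid.lower(), k_ssid.lower()).ratio()
            if ratio >= min_ratio:
                hits.add((bssid, ssid, k_ssid))
    return sorted(hits)

if __name__ == "__main__":
    print("answers many SSIDs:", multi_ssid_responders(FRAMES))
    print("look-alike SSIDs:  ", lookalike_ssids(FRAMES, KNOWN))
    # 0a:0b:0c:0d:0e:0f ("Guest") appears in neither result: nothing in its
    # frames distinguishes it from any other open network.
```

The open "Guest" AP with an unrelated name is flagged by neither check, which matches the situation described in the issue: finding an unauthorized AP plugged into the wired LAN needs a view of the internal network, not only of the air.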