IDS mailing list archives
RE: WLAN IDS
From: "Rob Shein" <shoten () starpower net>
Date: Wed, 12 Feb 2003 11:10:39 -0500
I wouldn't say that decryption of WEP at "wire speed" is a dream (unless you really mean wire speed, in which case it IS a dream as there are obviously no wires). Remember, with WEP involved on 802.11b bandwidth drops to 2 Mbps, which is very simple to handle, even with the overhead of decryption. The real issue is that above layer 2, a regular IDS can do the job anyways. The only point to an IDS that focuses on WLANs is one that will spot attacks/probes/oddness that are unique to WLANs, which all happen at layer 2. That said, I think there is a place for a WLAN IDS that also checks for sniffing activity, which is a greater problem with WLANs than with standard wired networking. And frankly, I don't think it would be a good idea to suggest to a client that they "wait for 802.11i, for more robust security." That's not going to help them now, even if it turns out not to have any problems of its own, and we are all employed to provide solutions now :)
-----Original Message----- From: planz [mailto:planz235 () hotmail com] Sent: Monday, February 10, 2003 11:57 PM To: Will Schmied; focus-ids () securityfocus com Subject: Re: WLAN IDS WLAN IDS is a Layer 2 thing. At a maximum you can monitor MAC addresses and DHCP and ARP requests. (AirSnare). If you look at application layer, The packet data is encrypted using WEP key. Therefore, IDS need to decrypt these packets at wire-speed to analyse, which is a distant dream. Let's wait for 802.1i, for more robust security... ----- Original Message ----- From: "Will Schmied" <dontpanic () cox net> To: <focus-ids () securityfocus com> Sent: Sunday, February 09, 2003 10:29 AM Subject: WLAN IDSHas anyone got any thoughts about the various WLAN IDSapproaches outthere? Good, bad, other? I'm really just collecting general information here... Thanks, Will
Current thread:
- WLAN IDS Will Schmied (Feb 10)
- Re: WLAN IDS planz (Feb 11)
- RE: WLAN IDS Rob Shein (Feb 12)
- Re: WLAN IDS planz (Feb 18)
- RE: WLAN IDS Citadel Consulting (Feb 20)
- RE: WLAN IDS Citadel Consulting (Feb 20)
- RE: WLAN IDS Rob Shein (Feb 12)
- Re: WLAN IDS planz (Feb 11)