RELiC
May 5 2004, 04:29 PM
QUOTE
GA Tech: Wireless Intrusion Detection and Response
Abstract: A prototype implementation of a wireless intrusion detection and active response system is described. An off the shelf wireless access point was modified by downloading a new Linux operating system with non-standard wireless access point functionality in order to implement a wireless intrusion detection system that has the ability to actively respond to identified threats. An overview of the characteristics and functionality required in a wireless intrusion detection system is presented along with a review and comparison of existing wireless intrusion detection systems and functionalities. Implemented functionality and capabilities of our prototyped system are presented along with conclusions as to what is necessary to implement a more desirable and capable wireless intrusion detection system.
http://users.ece.gatech.edu/~owen/Research/Conference%20Publications/wireless_IAW2003.pdf
T3cHn0b0y
May 6 2004, 08:38 PM
Thanks for the file... this will make good reading.
billkennedy32
May 8 2004, 02:56 AM
Didn't check out the link, but just thinking about IDS for WLANs, one could simply have his or her own DHCP server with trigger code. Once too many IPs are out on the WLAN pen tests, scans alarms go off and trace the last node that got the IP.
easy az pie
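The DHCP-trigger idea from the post above, sketched as an added example (not code from any poster or from the linked paper): it replays DHCP lease events, raises an alarm when too many leases are out or several new nodes appear in a short burst, and names the last node that got an IP. The log format, thresholds and the `lease_alarms` name are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample log in a made-up "timestamp EVENT ip mac" format.
SAMPLE_LOG = """\
2004-05-08T02:00:00 ACK 10.0.0.10 00:11:22:33:44:01
2004-05-08T02:05:00 ACK 10.0.0.11 00:11:22:33:44:02
2004-05-08T02:06:00 RELEASE 10.0.0.10 00:11:22:33:44:01
2004-05-08T02:30:00 ACK 10.0.0.12 00:11:22:33:44:03
2004-05-08T02:30:20 ACK 10.0.0.13 00:11:22:33:44:04
2004-05-08T02:30:40 ACK 10.0.0.14 02:aa:bb:cc:dd:05
"""

def lease_alarms(log, max_active=3, burst=3, window=timedelta(minutes=2)):
    """Alarm when active leases exceed max_active or when `burst` new nodes
    get leases within `window`; each alarm names the last node that got an IP."""
    active = {}      # mac -> ip for leases currently held
    recent = []      # (time, mac) of new leases still inside the window
    alarms = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue                       # skip malformed lines
        ts, event, ip, mac = parts
        when = datetime.fromisoformat(ts)
        mac = mac.lower()
        if event == "RELEASE":
            active.pop(mac, None)
            continue
        if event != "ACK" or mac in active:
            continue                       # a renewal is not a new node
        active[mac] = ip
        recent = [(t, m) for t, m in recent if when - t <= window]
        recent.append((when, mac))
        reasons = []
        if len(active) > max_active:
            reasons.append("too_many_leases")
        if len(recent) >= burst:
            reasons.append("lease_burst")
        if reasons:
            alarms.append({"time": ts, "mac": mac, "ip": ip,
                           "active": len(active), "reasons": reasons})
    return alarms

if __name__ == "__main__":
    for alarm in lease_alarms(SAMPLE_LOG):
        print(alarm)
```

A lease count only sees nodes that ask the DHCP server for an address; a node with a statically configured IP never shows up here, which is where the arpwatch and 802.1X approaches mentioned later in the thread come in.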
packet
May 9 2004, 05:13 AM
Cool stuff,
Other tools I use to make sure unknown APs and other machines get detected on my network include arpwatch, which lets me know each new MAC on the network. I use 802.1X or MAC-based authentication to actually prevent any new device coming on that hasn't been approved.
So while detecting anything new in the airwaves is cool, I tend to like the old-fashioned approach of authenticated VLANs and preventing any unauthorized devices from even touching the network.
--P>G>>
Imps2
May 19 2004, 01:24 PM
Thanks for sharing, that's a real nice paper.
Greetz Imps2
Spookie
Jul 20 2004, 03:25 PM
Here's something that might be of interest. Simple, yet does a pretty fair job.
AirSnare
Should accomplish some of what you're looking to do.
twistedps
Aug 13 2004, 05:51 AM
AirDefense is a good product that my company resells. I haven't had much time to look into it, but I've heard a lot of good things from the engineers here about it.
Spookie
Aug 19 2004, 02:57 PM
I've had the chance to attend a few AirDefense demos and like you I think it's a pretty good product. Pretty pricey if I recall correctly.
Sonicwall also has the SOHO TZW, which might be of interest to those that are looking for something within a limited budget.
AirSnare is also pretty neat for the average home user.
Here's another link board members may find of interest concerning wireless:
Wireless Intrusion Detection Systems - Talisker
Usually AirDefense is out at the gatherings and has a few of their toys set up. At one of the DefCons they set up shop and kept a tally of various attacks they recorded.
AirDefense Discovers New Threats to Wireless LANs at Hacker Conference