The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection

Posted by Xavier Ashe on May 2, 2006

Wireless LAN discovery through the use of applications such as
NetStumbler, DStumbler, Wellenreiter and others is an increasingly
popular technique for network penetration. The discovery of a
wireless LAN might be used for seemingly innocuous Internet access,
or to be used as a “backdoor” into a network to stage
an attack. This paper reviews some of the tactics used in wireless
LAN network discovery and attempts to identify some of the fingerprints
left by wireless LAN discovery applications, focusing on the MAC
and LLC layers. This fingerprint information can then be incorporated
into intrusion detection tools capable of analyzing data-link
layer traffic.

Pretty good whitepaper by Polarcove.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: