Bitchslapping Wireless IDS/IPS Appliances (Break It!) presented at ShmooCon 2006

by Eldon Sprickerhoff

Tags: Security Wireless

Summary: Over the last few months I have had the opportunity to test several commercial wireless IDS/IPS on behalf of a client. There are several marketing key points that most products profess to offer and trumpet:
Detection of rogue APs
Detection of ad hoc networks
Recognize known attacks
Identify policy violations
Identify physical location of user/AP
Capture network traffic
Threat detection (MAC address spoofing, DoS, MiTM)
Lock out inappropriate behavior through wireless disassociation and/or through switch activity.
These purported capabilities were tested in depth; methods, code and results will be described. Questions to ask WIDS/WIPS vendors and recommendations to WIDS/WIPS manufacturers will be detailed.