02 ~ Detection - SYWorks/wireless-ids GitHub Wiki

Detected Possible WEP Attacks

  • If a possible WEP attacks detected, it will show the Wireless client / Access Point MAC Address (AP Name) and also any authentication/association request made.

Detection-WEP

Detected Possible WEP Attacks (Korek Chopchop Method) - New

  • Korek Chopchop method is a method used by Aircrack-NG suite to attack on a WEP encrypted network.
  • Basing on the unique signature in the packets, WIDS is able to detect such attacking method.

chopchop

Detected Possible WEP Attacks (Fragmentation PRGA Method) - New

  • Fragmentation PRGA method is another method used by Aircrack-NG suite to attack on a WEP encrypted network.
  • Basing on these unique signature in the packets, WIDS is able to detect such attacking method.

chopchop

Detected Possible WPA Attacks

  • If a possible WPA attacks detected, it will show the Wireless client / Access Point MAC Address (AP Name) that the number of deauthentication packets were detected.
  • If handshakes were also detected, it will display the number of handshake packets found.

Detection-WPA

WPA Migration Attack - New

  • The Aireplay-NG WPA Migration Mode also use an unique method by sending request to Access Point using fake MAC address trying to authenticate with AP. These flooding is also being pickup by WIDS.

mitigation

Detected Possible WPS Attacks

  • Whenever a communication between a Wireless client and Access Point using EAP, their MAC Addresses will be displayed with the number of EAP packets were detected.
  • It consistent communication of such request, it is likely that a WPS Bruteforce is in progress.

Detection-WPS

Detected Changes In Clients Connection to Another Access Point

  • The script also detect any changes when a wireless client which is initially connected to a access point subsequently switch connection to another access point, which could have the possibility connection to a Rogue AP (User should also note the AP name)

Detection-Client

Detected Possible Rogue Access Point

  • WIDS also analyse the access point name for frequent changes which could be the possibility of 'Rogue AP' responding to probe by wireless devices.

Detection-RogueAP

Detected Possible Evil Twins - New

  • With the similar AP names detected, WIDS will display these APs with similar names which could have the possibility of Evil Twins.
  • Not all similar AP names are evil twins as some routers can have two or more similar name set by users.
  • It is the user discretion to decide whether is it a evil twins.

Detection-EvilTwins

Detected TKIPTUN-NG Attack - New

  • When a high number of QOS Data packet is sent to a WPA/TKIP encrypted network, there could be a possibility of attack by TKIPTUN-NG .

Detection-tkiptun-ng

Detected Michael Shutdown Exploitation Attacks - New

  • WIDS is able to detect possible attack using MDK3 Michael shutdown exploitation (TKIP) options

michaelshutdown

Detected Authentication DoS - New

  • With too much authentication request from wireless clients, WIDS will display if there is a possibility of Authentication DoS by authentication flood by MDK3

Detection-authdos

Detected Beacon Flooding - New

  • WIDS will also display possible Beacon flooding attacking by MDK3

Detection-beaconflood

Detected WPA Downgrade Test Attack - New

  • WIDS also detect possible WPA Downgrade Test attack option by MDK3

Detection-downgrade

Displaying of Probing Wireless Devices - New

  • WIDS also allow to display detected wireless devices that probing for any SSID or not participating in any connection of network.

probing

Support & Like My Page SYWorks

Prev Page......Next Page

Add a custom footer
⚠️ **GitHub.com Fallback** ⚠️