Hi guys,
I´m looking into a strange Kismet behavior.
The wireless IDS I´m running is based on:
Kismet Newcore Server 2011-03-R2
Kismet Newcore Drones 2010-07-R1 running on Atheros Fonera Drones
This setup is working great!
Then I´ve tried to add a drone based on TP-Link´s TL-WR1043ND access
point with a AR71xx 802.11ng chipset and running OpenWrt Backfire
10.03.1-RC6
The wireless chipset driver is ath9k/mac80211
It didn´t matter which version of the Kismet-drone I´ve tried, I ended
up with Kismet filling up the logs with strange APs popping up. See log
output below!
Next to Kismet 2011-03-R2 I´ve compiled the lastest svn version of
Kismet-Drone for OpenWrt Backfire, both including full support for
libnl/netlink mac80211.
But still......
These BSSIDs look weird. They are changing and popping up every second.
I´d have expected ~30 APs around me but not hundreds of them in a few
minutes, all with hidden SSID. But it looks more like a general wireless
driver issue as even Aircrack/Airodump-ng shows some strange APs. Both
either Kismet or Aircrack show broken SSIDs with strange characters in
them, too.
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 54:49:85:9F:4C:49,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID E4:54:97:63:58:64,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 38:2F:D1:48:E1:BF,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A,
encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2
, encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D,
encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE,
encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 73:8F:F0:2F:80:9D,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID F9:B0:5E:08:39:E3
, encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 5A:46:FC:11:D9:3C,
encryption no, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID E5:DB:15:B0:31:14,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID 31:F2:29:E9:73:39,
encryption no, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 5F:89:FA:75:FB:E1,
encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21,
encryption no, channel 0, 0.00 mbit
An suggestions?
Thanks,
Nils
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
