Nils - I have the same behavior here - suspect Karma or some sort of AP spoofing - if you let it run and look into it a bit more (run the Kismet Perl script on your logs) you will see that most are emanating from just a few APs... that is my 2 cents anyways.

On Fri, Nov 25, 2011 at 7:00 AM, <[email protected]> wrote:

> Send Pauldotcom mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> or, via email, send a message with subject or body 'help' to
> [email protected]
>
> You can reach the person managing the list at
> [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pauldotcom digest..."
>
> Thank you for subscribing to the PaulDotCom Mailing list digest. Please
> visit our site, http://pauldotcom.com, for more hacking entertainment.
>
> Today's Topics:
>
> 1. Strange Kismet Newcore behavior (Nils)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 24 Nov 2011 09:40:42 +0100
> From: "Nils" <[email protected]>
> Subject: [Pauldotcom] Strange Kismet Newcore behavior
> To: [email protected]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
> any one having Kismet newcore running on TP-Link TL-WR1043ND without any
> problem?
> The problem is not about the general installation or configuration, it
> is about the Kismet log filling up with strange/weird APs. Please see
> below.
>
> Thanks,
> Nils
>
> On 21.11.2011 18:09, Nils wrote:
> > Hi guys,
> > I'm looking into a strange Kismet behavior.
> >
> > The wireless IDS I'm running is based on:
> > Kismet Newcore Server 2011-03-R2
> > Kismet Newcore Drones 2010-07-R1 running on Atheros Fonera Drones
> > This setup is working great!
> >
> > Then I've tried to add a drone based on TP-Link's TL-WR1043ND access
> > point with a AR71xx 802.11ng chipset and running OpenWrt Backfire
> > 10.03.1-RC6
> > The wireless chipset driver is ath9k/mac80211
> > It didn't matter which version of the Kismet-drone I've tried, I ended
> > up with Kismet filling up the logs with strange APs popping up. See
> > log output below!
> > Next to Kismet 2011-03-R2 I've compiled the latest svn version of
> > Kismet-Drone for OpenWrt Backfire, both including full support for
> > libnl/netlink mac80211.
> > But still......
> > These BSSIDs look weird. They are changing and popping up every
> > second. I'd have expected ~30 APs around me but not hundreds of them
> > in a few minutes, all with hidden SSID. But it looks more like a
> > general wireless driver issue as even Aircrack/Airodump-ng shows some
> > strange APs. Both either Kismet or Aircrack show broken SSIDs with
> > strange characters in them, too.
> >
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID 54:49:85:9F:4C:49, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID E4:54:97:63:58:64, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 38:2F:D1:48:E1:BF, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A, encryption no, channel 0, 0.00 mbit
> > INFO: Detected new managed network "<Hidden SSID>", BSSID 37:44:79:6F:01:F2, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 15:36:B8:4E:13:0D, encryption no, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID 3E:E0:96:8A:5A:EE, encryption no, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID 73:8F:F0:2F:80:9D, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new managed network "<Hidden SSID>", BSSID F9:B0:5E:08:39:E3, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID 5A:46:FC:11:D9:3C, encryption no, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID E5:DB:15:B0:31:14, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new data network "<Unknown>", BSSID 31:F2:29:E9:73:39, encryption no, channel 0, 0.00 mbit
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 5F:89:FA:75:FB:E1, encryption yes, channel 0, 0.00 mbit
> > INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21, encryption no, channel 0, 0.00 mbit
> >
> > Any suggestions?
> > Thanks,
> > Nils
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > [email protected]
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
> ------------------------------
>
> _______________________________________________
> Pauldotcom mailing list
> [email protected]
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>
> End of Pauldotcom Digest, Vol 38, Issue 14
> ******************************************

--
Best Regards,
Shep Husted
opensourceservers.com
opensourcenetworks.com
engineeredcomputer.com
1-207-409-4038
809 congress st. #7
portland, maine 04102
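
An added example, not part of the thread and not Kismet's own code: a Python script that triages "Detected new ... network" lines like those quoted above, flagging BSSIDs that no real AP or IBSS would use (group bit set, or an ad-hoc BSSID that is not locally administered). The function names, the constructed sample, and the reading of channel 0 as "channel never learned" are assumptions.

```python
import re
from collections import Counter

# Constructed sample: four entries in the format of the quoted Kismet output,
# one of them line-wrapped the way the mail client wrapped the original.
SAMPLE_LOG = """\
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID 48:2D:35:DF:BA:72, encryption yes, channel 0, 0.00 mbit
INFO: Detected new data network "<Unknown>", BSSID BB:63:45:87:FA:8A, encryption no, channel 0, 0.00 mbit
INFO: Detected new managed network "<Hidden SSID>", BSSID
37:44:79:6F:01:F2
, encryption yes, channel 0, 0.00 mbit
INFO: Detected new ad-hoc network "<Hidden SSID>", BSSID CE:1B:50:D8:1F:21, encryption no, channel 0, 0.00 mbit
"""

ENTRY = re.compile(
    r'Detected new (?P<type>[\w-]+) network "(?P<ssid>[^"]*)", BSSID\s+'
    r'(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s*,\s*'
    r'encryption (?P<enc>\w+),\s*channel (?P<chan>\d+)')

def parse(log_text):
    """Return one dict per 'Detected new ... network' entry, tolerating wrapped lines."""
    flat = " ".join(log_text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def anomalies(entry):
    """List the reasons an entry cannot be, or is unlikely to be, a real network."""
    first_octet = int(entry["bssid"][:2], 16)
    reasons = []
    if first_octet & 0x01:
        # Individual/group bit set: a multicast address is never a real AP's BSSID
        reasons.append("group-bit")
    elif entry["type"] == "ad-hoc" and not first_octet & 0x02:
        # 802.11 IBSS BSSIDs are random, locally administered unicast addresses
        reasons.append("ibss-not-local")
    if entry["chan"] == "0":
        # Assumption: channel 0 means Kismet never learned a channel for it
        reasons.append("no-channel")
    return reasons

def summarize(log_text):
    """Count entries, distinct BSSIDs and anomaly reasons across a log."""
    entries = parse(log_text)
    reasons = Counter(r for e in entries for r in anomalies(e))
    return {"entries": len(entries),
            "distinct_bssids": len({e["bssid"].upper() for e in entries}),
            "reasons": dict(reasons)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high share of `group-bit` entries fits damaged frames reaching the sniffer, since roughly half of all random first octets have that bit set; entries that pass these checks and keep recurring are the ones worth correlating by source.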
