Wireless IDS is an open source tool written in Python and work on Linux environment. This tool will sniff your surrounding air traffic for suspicious activities such as WEP/WPA/WPS attacking packets. It do the following
- Detect mass deauthentication sent to client / access point which unreasonable amount indicate possible WPA attack for handshakes.
- Continual sending data to access point using broadcast MAC address which indicate a possibility of WEP attacks
- Unreasonable amount of communication between wireless client and access point using EAP authentication which indicate the possibility of WPS bruteforce attack by Reaver / WPSCrack
- Detection of changes in connection to anther access point which may have the possibility of connection to Rogue AP (User needs to assess the situation whether similar AP name)
- Detects possible Rogue Access Point responding to probe by wireless devices in the surrounding.
- Display similar Access Point's name (SSID) which could have the possibility of WiFi 'Evil Twins'.
- Display of probing SSID by wireless devices
- Detection of Korek Chopchop packets sent by Aircrack-NG (WEP attacks)
- Detection of Fragmentation PRGA packets sent by Aircrack-NG (WEP attacks)
- Detection of possible WPA Downgrade attack by MDK3
- Detection of possible Michael Shutdown exploitation (TKIP) by MDK3
- Detection of Beacon flooding by MDK3
- Detection of possible Authentication DoS by MDK3
- Detection of possible association flooding
- Detection of WPA Migration Attack by Aircrack-NG (WPA Attack)
- Allow logging of events to file.
- Allow disabling of displaying of probing devices
- Setting of scanning count..
Visit and Like my Facebook Page for other updated information and tools.
Read Wiki for installation and other details (https://github.com/SYWorks/wireless-ids/wiki)
Submit issue here