Wireless LAN Controller - Penetration Test for Wireless IDS Pack

leon.mflai · ‎08-15-2008

Hi,

Recently, I deployed a Cisco Unified WLAN solution w/ WLC, LAP, WCS and ACS. The customer concerns about security very much. They want a security penetration test over the whole WLAN system.

However, I am confused by testing about WLC internal IDS signature pack.

How can I test the IDS signature pack? Do you have any suggestion?

You may refer to following URL for the topics that I'm talking about.

http://www.cisco.com/en/US/docs/wireless/controller/5.1/configuration/guide/c51sol.html#wp1537821

tstanik · ‎08-21-2008

Please have a look at comm. view for wifi, It is used to replay packets into wifi network .You can specify the frequency pattern /No of packets per sec etc etc . The settings on the tool depends on the signature pattern/ frequency of the attack . The tool also has an option to capture packets and replay it and it is easy to work with.

leon.mflai · ‎09-04-2008

hi,

I can't use Comm view for Wifi because my Commview packet capture driver cannot support my network adapter.

I finally did a researh with Linux-based WLAN attack tools called "Auditor Live CD" and "BackTrack3 Live CD". I can launch WLAN Deauthen / Deassoc flood by File2Air over my TP-Link Atheros chipset WLAN adapter.

Finally, the MFP protection engine in WLC can fire alert.

Thanks

Leon Lai

leon.mflai · ‎09-04-2008

hi,

I can't use Comm view for Wifi because my Commview packet capture driver cannot support my network adapter.

I finally did a researh with Linux-based WLAN attack tools called "Auditor Live CD" and "BackTrack3 Live CD". I can launch WLAN Deauthen / Deassoc flood by File2Air over my TP-Link Atheros chipset WLAN adapter.

Finally, the MFP protection engine in WLC can fire alert.

Thanks

Leon Lai