Solved: How to test WiPS on Wireless Infrastructure???

Arturo Sanchez Ruiz · ‎08-26-2014

How can I test the wips functionallity on a wireless infrastructure using a wlc 5508,3700 APs with WiPS module, NCS PRIME 2.0 and MSE with WiPS?

At this time the APs are as local mode and wips sub mode on WLC 5508, and the WiPS licenses on NCS are installed.

What could be the best scenario(software, antennas, cards) to test the wireless security with this infrastructure?

REGARDS.

abwahid · ‎09-09-2014

Hi,

please go through below link which probably will remove you glitch.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

View solution in original post

Amjad Abdullah · ‎09-16-2014

You may use Kali Linux to do some wireless attacks on your network and see how they're being detected by your WIPs.

you may google for kali linux wireless attacks. here is one example link:

https://www.packtpub.com/books/content/kali-linux-%E2%80%93-wireless-attacks

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

abwahid · ‎09-09-2014

Hi,

please go through below link which probably will remove you glitch.

http://www.cisco.com/c/en/us/td/docs/wireless/technology/wips/deployment/guide/WiPS_deployment_guide.html

Amjad Abdullah · ‎09-16-2014

You may use Kali Linux to do some wireless attacks on your network and see how they're being detected by your WIPs.

you may google for kali linux wireless attacks. here is one example link:

https://www.packtpub.com/books/content/kali-linux-%E2%80%93-wireless-attacks

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Arturo Sanchez Ruiz · ‎09-17-2014

Thank you for your answer, I´ll try to do that. REGARDS

Arturo Sanchez Ruiz · ‎09-19-2014

I´m doing that and flooding to the core switch of my lab where I´m testing that, what do I have to see in NCS at the time I´m flooding with the software, what does WiPS must do in order with the attack??? REGARDS

Amjad Abdullah · ‎09-21-2014

What you have to do is to either impersonate the AP (send deauth messages to the client on behalf of your AP with your AP BSSID as the source MAC) or use floods DoS (authentication floods for example, a client that tries to maliciously send high number of auth requests to the AP and stops at that stage of state machine which will fill the Association table of the AP and prevents other clients form being able to connect).

Here is Cisco WIPS Policy Alarm Encyclopedia:

http://goo.gl/LXBLW5

My question here would be: Do you have a Mobility Service Engine (MSE) in your infrastructure? That's necessary to be available with WIPS service running and that must be integrated with WLCs and NCS/Prime.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Arturo Sanchez Ruiz · ‎09-21-2014

Yes, I have Ucs with Ncs and MSE on virtual mode, 2 wlc 5508 and 1 ap 3602 with WiPS module, and one laptop doing DoS attacks , and when I do that, I only see the Mac on NCS map but nothing else happens, at this time i have MFP not configured because in the past we had some issues with the feature, do we have to configure it ????

Amjad Abdullah · ‎09-22-2014

You don't have to run MFP. But you need to make sure that wIPS service is running correctly on on the MSE and MSE, NCS and WLC area all synched.

Have you followed the deployment guide and created wIPS profiles on NCS?

http://goo.gl/MgUxSU

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"