Summary

Although wireless attacks are often more difficult to trace than their wired counterparts, the development of wireless-specific IDSs is moving at a fast pace and constitutes a very fast-growing sector of the wireless security market. Wireless IDSs must analyze and report suspicious events taking place at both the first and second OSI model layers and support integration with higher layers' "traditional" IDS appliances. Due to the peculiarities of wireless networking, a good wireless IDS should be both signature- and knowledge-based. To cover the whole network perimeter, the deployment of remote wireless IDS sensors can be considered. In this chapter we reviewed suspicious events on WLANs and their significance, as well as known, proven signatures of common wireless attacks and hacker tools. This information should be useful not only to wireless security consultants and system administrators, but also to wireless IDS software and hardware developers. Currently, there is no perfect wireless IDS that covers all possible intrusion signs outlined in this chapter. We briefly reviewed several available commercial wireless IDS tools, but the main focus in the rest of the chapter was on using free open source wireless IDS tools and deploying custom-built wireless IDS sensors to satisfy your curiosity and fulfill cracker-tracing needs. You can be quite creative at building, modifying, and using these appliances. In fact, deploying such a custom-built IDS system could be a worthy hack!