Beginner

WIPS test using Honeypot in Kali Linux

Hello all,

I am currently installing Cisco wireless IPS (WIPS), which is integrated with Cisco Prime and WLC. The installation is already done, and I am trying to prove the feature of WIPS that can prevent rogue APs. I'm using a honeypot running in Kali Linux to simulate rogue AP attacks.

When I run the simulation with the honeypot configured with the same SSID as the WIPS SSID, users (using laptops) who try to connect to the wireless network with that SSID are intercepted and connect to the Kali Linux honeypot SSID, and the user gets an IP address from the Kali Linux honeypot. When I try to reconnect to the wireless network, users still connect to the honeypot. The users' wireless connection can go back to the original SSID when I turn off the honeypot service. This means that WIPS isn't running properly yet. I tried to check the Cisco Prime and WLC notification alerts, but they do not show that the attack is "contained".

The questions are:

- Why can't the WIPS intercept the rogue AP attack?

- Is it possible to get the users back to the original SSID when they are already connected to the fake SSID?

- What should I configure or check in my WIPS/Prime to fix this WIPS installation?

- Can someone give me other references about configuring a honeypot and WIPS installation?


Thanks,

Yuslivan

VIP Advocate

Re: WIPS test using Honeypot in Kali Linux

On the WLC, what is your rogue containment policy?
Do you have APs running nearby on the same channel/frequency?
Beginner

Re: WIPS test using Honeypot in Kali Linux

Hi patoberli,

Thanks for the reply.

1. The rogue containment policy is based on a rogue rule: contain a malicious rogue AP detected with the same SSID.
2. No, we don't. In the testing room we just deployed 1 monitor mode AP (Aironet 4800 series) and the honeypot AP (running on a laptop running Kali).

yus

VIP Advocate

Re: WIPS test using Honeypot in Kali Linux

I'm not entirely sure, but I think an AP in monitor mode only monitors and doesn't send any packets. For the protection you need to use client-serving APs on the same channel as the rogue AP.