1 Reply Latest reply: Jun 11, 2018 11:08 PM by Colin Findlay RSS

Wireless honeypots

Kenneth Munford

Has anyone else deployed a bssid wireless honeypot to suck down common ssid probes from clients and if so has it been effective to reduce your client probe load in dense environments?

  • Re: Wireless honeypots
    Colin Findlay

    Hi Kenneth,

     

    I can confirm that I have it deployed successfully in my own LPV environment, and it tends to work incredibly well in dealing with probes.

     

    I had played around with it for a while at first, but it has worked best for me using the following configuration:

     

    • Stick with default SSID of Honeypot, make it hidden.

     

    • Dead end connections into dead end VLAN called 'honeypot' or similiar - I did force it to my portal for a while, but it would capture the probing device and force it to the connection plash page of my portal, which wasn't ideal, as the portal connection concurrent count itself is relatively small (4000 concurrent users).

     

    I hope this helps.

     

    Regards

     

    Colin

     

    Colin Findlay

    IT Systems Engineer - XCWT & XCWP

    SEC | Scottish Event Campus | Glasgow G3 8YW | UK