TIDS - WLAN Intrusion Detection System
======================================

1. MAC address spoofing detection
   Based on analysis of the sequence number (part of the IEEE 802.11 standard frame format).
2. Sniffer (promiscuous mode) detection
   Uses ARP and ICMP techniques to detect sniffers such as Ethereal, airsnort, etc.
3. DoS attack (deauth/disassoc flood) detection
4. Rogue AP detection
5. Network mapper: shows all active clients along with the APs they connect to, and also nodes operating in ad-hoc mode.
6. Monitoring of unsolicited Microsoft LAN sharing activity in hotspot environments.
7. Capable of monitoring multiple channels simultaneously using "monitor mode".
8. Support for CISCO Aironet, Linux-Wlan-ng and Orinoco drivers.

TIDS was integrated on a Linksys Wireless-G 2.4 GHz Router (WRT 54G) using OpenWRT firmware. I also built a demo lab to show typical attacks and how to implement countermeasures, comprising 2 access points (CISCO, Linksys), 2 laptops (Fujitsu E-series Lifebook, Dell Inspiron), a desktop PC and a CISCO hub. CISCO Aironet 350 series and Lucent Wavelan Silver PCMCIA adapter cards were used. Several TIDS-enabled monitoring nodes were placed near the APs to monitor the wireless medium and send intrusion reports to a central server, which ran Snort, a Layer-3 IDS, to detect other intrusions.
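
The sequence-number analysis behind the MAC address spoofing detection feature can be sketched as follows. This is an added example, not TIDS code: it tracks the 12-bit 802.11 sequence number per transmitter MAC and flags jumps that a single counter would not produce. The gap threshold, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

SEQ_MODULO = 4096     # the sequence number is a 12-bit counter
GAP_THRESHOLD = 64    # assumed tolerance for frames the monitor missed

def parse_seq_ctrl(field):
    """Split the 2-byte little-endian Sequence Control field."""
    (value,) = struct.unpack("<H", field)
    return value >> 4, value & 0x0F   # (sequence number, fragment number)

class SeqTracker:
    """Tracks the last sequence number seen per transmitter MAC."""
    def __init__(self, threshold=GAP_THRESHOLD):
        self.threshold = threshold
        self.last_seq = {}

    def observe(self, mac, seq):
        """Return the anomalous gap for this frame, or None if it fits."""
        prev = self.last_seq.get(mac)
        self.last_seq[mac] = seq
        if prev is None:
            return None                    # first frame from this MAC
        gap = (seq - prev) % SEQ_MODULO    # forward distance, wrap-safe
        # gap 0: retransmission or another fragment of the same frame
        return None if gap <= self.threshold else gap

def find_anomalies(frames):
    """frames: iterable of (mac, seq_ctrl_bytes). Returns alert tuples."""
    tracker = SeqTracker()
    alerts = []
    for index, (mac, field) in enumerate(frames):
        seq, _frag = parse_seq_ctrl(field)
        gap = tracker.observe(mac, seq)
        if gap is not None:
            alerts.append((index, mac, seq, gap))
    return alerts

def _sc(seq, frag=0):
    """Build a Sequence Control field for the constructed samples."""
    return struct.pack("<H", (seq << 4) | frag)

# Constructed capture: one station counting 100..103, with a frame
# from a second transmitter reusing its MAC at sequence 2900.
STA = "00:11:22:33:44:55"
SAMPLE = [(STA, _sc(100)), (STA, _sc(101)), (STA, _sc(2900)),
          (STA, _sc(102)), (STA, _sc(103))]
# Constructed capture: a legitimate counter wrapping from 4095 to 0.
WRAP = [(STA, _sc(4094)), (STA, _sc(4095)), (STA, _sc(0)), (STA, _sc(1))]

if __name__ == "__main__":
    for alert in find_anomalies(SAMPLE):
        print("possible spoofing: frame %d mac %s seq %d gap %d" % alert)
```

Two interleaved counters behind one MAC produce an alert on each switch between them, while the wrap from 4095 to 0 stays quiet because the gap is computed modulo 4096.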