Rules can be designed to trigger on any event, e.g.
- Rogue access point: packet with a BSSID not in a MAC address whitelist
- STA association to a rogue access point: association success packet with a BSSID not in a MAC address whitelist
- WEP injection: several WEP encrypted packets with the same MAC_STA address and the same IVs

The ruleset is about 60 signatures, ranging from detection of
- Rogue access point: unauthorized BSSIDs, ESSIDs
- MAC spoofing: several techniques
- DoS: deauth/disassoc, EAP-logoff/failure floods, …
- EAP bruteforcing: load of EAP-Response Identity requests, …
- Wardriving: Netstumbler, Wellenreiter, …
- Injection attacks: load of WEP packets with same IVs
- Misconfiguration: default ESSIDs, …
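
The three example rules (rogue access point, STA association to a rogue access point, WEP injection) evaluated over already-parsed frame records. This is an added example, not code from the slides or from the IDS they describe; the record fields, the whitelist contents and the IV-reuse threshold are assumptions made for illustration.

```python
from collections import Counter

# Assumed values for this example: whitelist contents and the reuse threshold.
BSSID_WHITELIST = {"00:11:22:33:44:55"}
WEP_IV_REUSE_THRESHOLD = 3

def normalize(mac):
    """Compare MAC addresses case-insensitively and separator-insensitively."""
    return mac.lower().replace("-", ":")

def detect(frames, whitelist=BSSID_WHITELIST, threshold=WEP_IV_REUSE_THRESHOLD):
    """Return a list of (rule, detail) alerts for already-parsed 802.11 frames."""
    allowed = {normalize(m) for m in whitelist}
    alerts, seen_rogue, iv_counts = [], set(), Counter()
    for f in frames:
        bssid = normalize(f["bssid"])
        rogue = bssid not in allowed
        if f["type"] == "beacon" and rogue and bssid not in seen_rogue:
            seen_rogue.add(bssid)  # alert once per BSSID, not once per beacon
            alerts.append(("rogue_ap", bssid))
        elif f["type"] == "assoc_resp" and f.get("status") == 0 and rogue:
            # 802.11 status code 0 means the association succeeded
            alerts.append(("sta_assoc_rogue_ap", (normalize(f["sta"]), bssid)))
        elif f["type"] == "data" and f.get("wep"):
            key = (normalize(f["sta"]), f["iv"])
            iv_counts[key] += 1
            if iv_counts[key] == threshold:  # fire once when the threshold is reached
                alerts.append(("wep_injection", key))
    return alerts

# Constructed sample capture (not real traffic).
SAMPLE = [
    {"type": "beacon", "bssid": "00:11:22:33:44:55"},
    {"type": "beacon", "bssid": "DE:AD:BE:EF:00:01"},
    {"type": "beacon", "bssid": "de:ad:be:ef:00:01"},
    {"type": "assoc_resp", "bssid": "de:ad:be:ef:00:01", "sta": "02:00:00:00:00:0a", "status": 0},
    {"type": "assoc_resp", "bssid": "de:ad:be:ef:00:01", "sta": "02:00:00:00:00:0b", "status": 1},
    {"type": "data", "wep": True, "bssid": "00:11:22:33:44:55", "sta": "02:00:00:00:00:0c", "iv": "a1b2c3"},
    {"type": "data", "wep": True, "bssid": "00:11:22:33:44:55", "sta": "02:00:00:00:00:0c", "iv": "a1b2c3"},
    {"type": "data", "wep": True, "bssid": "00:11:22:33:44:55", "sta": "02:00:00:00:00:0c", "iv": "a1b2c3"},
    {"type": "data", "wep": True, "bssid": "00:11:22:33:44:55", "sta": "02:00:00:00:00:0c", "iv": "d4e5f6"},
]

if __name__ == "__main__":
    for rule, detail in detect(SAMPLE):
        print(rule, detail)
```

The whitelist comparison is normalized so that a rogue BSSID is not reported twice because of letter case, and the failed association (status 1) produces no alert because the rule keys on association success.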