Detecting Wireless LAN Users
technosavvy writes "With wireless home networks and applications like NetStumbler becoming so popular, it's surprising that there are so few consumer-oriented applications that help monitor who is connecting to your wireless network. Bob Brewin of ComputerWorld lists three tools with this purpose in mind in his article "Tools for detecting rogue wireless LAN users"." I just like running etherape.
Wireless LAN technology is still in its infancy; the thing is that people are more interested in hacking/cracking wireless networks than protecting them at the moment. That will change as people realise how insecure the default settings are.
Actually, the application mentioned in the first link is here.
So what if you can detect when a rogue has connected to your wireless network? A passive data gatherer connected to your wireless network can oftentimes gain enough information to connect to your network externally (Internet, VPN, etc). So just knowing that no one is actively using your wireless network doesn't mean that no one is hacking your network because of your wireless network.
Or:
"I'll take nal bum covers for 300, Alex"
"That's album covers, Mr. Connery."
"Nonsense, I spent years trying to make an anal bum cover. Failing to do so has been my biggest regret."
Finally, math books without any of that base 6 crap in them.
No. I think most of the
Now, it would be real funny if you were a spammer making that statement.
Fight Spammers!
Slashdot and its readers have always been confused about the differences between digital rights and petty theft. I've had to turn a blind eye to it just to keep the bile down in my throat when I read the page.
Finally, math books without any of that base 6 crap in them.
Check out Kismet over here. It can run on Linux PDAs like the Zaurus and iPaq as well as your laptop. It also has GPS support and speech output (through festival).
Ugh. Usually I wait until things near the bottom of the homepage before clicking a link. Otherwise, you can click and go for coffee. I hope the article is good. OOH! There's the Galeon tab turning blue now - Later! Good Luck.
Visit my blog http://www.protocolostomy.com
I know this is not a radical idea, but I'm going to say it again. I think broadband Internet access should become part of a city's infrastructure, like roads and garbage service. I'd even pay for it like a utility (like water treatment or gas). God knows it'd get rid of silly little disputes over 'stealing' or redistributing bandwidth and cable companies penalizing users for doing what they signed on to do...use lots of bandwidth.
Can I bum a sig?
For corporations with Mucho Moolah(TM), you can get ISS Wireless Scanner ( http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_wireless.php ).
Actually it's a pretty cool product, it'll detect access points with SSID broadcast turned off, it'll detect wireless users, it'll even try to break into the access points (haven't used the feature much, so I'm not sure what it tries to do there).
Unfortunately it only runs on Win 2000 (I run it on XP, but that's unsupported), and only works with Orinoco cards and a couple of the known derivatives. On the plus side, it's got all the cool alerting features like SNMP and SMTP, and it has the "authorized list" of access points to minimize false positives...
-Jack Ash
PS: No, I'm not affiliated with ISS, but I run and administer their products at my office, including Wireless Scanner.
If memory serves (and it's been about a year since I had an Airport base station) the interface was very good and let you monitor who was using your bandwidth, etc.
As I recall, it made it very easy to require a password or enable 802.11b encryption, etc.
That's my purse! I don't know you! -- Bobby Hill
That someone in my apartment complex gets a wireless router and I can steal their bandwidth and get free internet access :)
Seriously, instead of purchasing this just make sure only registered MACs can be authorized by your router and that knocks out the casual browser. Then have it log all access (I am sure most routers can do this) and at least for home use you should be good. Corporations need to take some more precautions but I am not a security expert so...
Of course it is wrong to steal from a paying customer of a set of bandwidth. But this is just a security concern that eventually will be dealt with accordingly. What is more interesting is setting up a new mesh internet of wireless broadcasts across the continent that is essentially public and nearly everywhere. We need to put a stop to the growing practice of paying per byte we send/rcv.
A Good Troll is better than a Bad Human.
Is there a program like NetStumbler that runs on OS X? Or an OS X front-end to a unix one?
Why in the heck would you want to do that?
John Stossel has shown on his 20/20 TV segment that cities make things WORSE when they run it. Privatize the city water system, and you get cleaner water cheaper. End the city's monopoly on cable TV providers, and you get competition.
Get the phone company out of city regulation, and you get competition.
The same is true over and over and over again. Some cities in foreign countries have been privatizing the roads (so you only pay for what you use, rather than distribute it to people who don't even use the roads), and have seen wide success in those ventures.
I don't want the city controlling anything, especially my data. This idea is frightening to me, and I'd gladly vote with my feet if something like this happened.
In most places in the country, people pay individually for their garbage service, water and gas. If I'm paying by the bag, you better damn well not put your trash in my can.
The only service that can't be stolen is free service, and there simply isn't such a beast. Hell, even roads aren't free. If you have an unregistered car (and thus, have paid no taxes), you can't legally use the road.
This is all good for network security assurance and auditing, but doesn't fix the basic security problems with using WLAN 802.11 technology. I suggest that we use a new security model for WLAN security:
1) Obscure SSID names and WEP should not be used on your WLAN just to provide management/users with a false sense of security;
2) Put the WLAN access point outside your firewall (layer 1 security);
3) Use firewall VPN technology for layer 2 security;
4) Use IPSec protocol for network layer 3 encryption;
5) Use digital certificates for layers 4-6 strong authentication;
6) Enforce Corporate security policy on WLAN deployment & use;
7) Regular audit and security assurance work to detect the addition of new WLAN points to your network.
There are good reasons for using WLANs, and you probably can't stop the keeners from adding access points, but you can try to mandate how they will be added in a secure and manageable fashion.
Cheers,
-wjc.
"I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
I was driving through my neighborhood, innocently watching my laptop which is equipped with zero snooping software, and noticed I suddenly had a "very low" signal. I circled around a bit and narrowed it down to a couple of houses. I wish I had a way to let this person know they were vulnerable.
network: linksys
user: (null)
pw: admin
ok. They deserve whatever they get.
I would like a log to know which of my neighbors is trying to "share" my bandwidth.
Anything you say will be held against you.
Weeeelllll, I didn't install the Wireless encryption software (don't remember the exact name) and would instead unplug the wireless HUB when I wasn't using it. One weekend, I forgot to do this. Out of curiosity, I checked the ARP on my DSL switch and found _3_ MAC entries. I only have 2 computers...
Was this my own fault? Yes, absolutely, no question. Was I a moron for not configuring and running the WEP (Wireless Encryption Protocol)? Again, yes. But think about all the wireless LAN products being sold and how many are protected, or NOT protected.
Where has your internet connection been today?
Computer Science is Applied Philosophy
This is exactly correct. 802.11 should ALWAYS be used OUTSIDE firewalls, and considered standard, public, insecure internet service. Then use IPSec plus whatever additional features are required to get into the private network.
sulli
RTFJ.
A thread on pen-test over at securityfocus has developed into an extremely well developed list of wireless security tools. The most recent thread post is archived at neohapsis, among other places, and the list of all the tools with description and license information is also online.
I guess with the opensourcing of Apple's zeroconf implementation there could be some implementation that enables you to monitor rogue network connections.
;-)
;-)
I was fooling around with iChat and its Rendezvous component and I would imagine that when some idiot neighbour connects to your Airport network and forgets to quit iChat, you could be in for a laugh when he gets an instant-message from you.
A simple "Who are you and why are you using my Airport network" would be quite a shock I guess.
And a reply from your neighbour stating that you were asking for it because you didn't implement WEP or MAC restriction would be a nice one too.
blaah !
Yes, implementing a WiFi infrastructure might be done cheaper, more scalable, etc, but compare to the NSF and the current Internet. The NSF put in the standards, and by implementing them, made the standards change de jure become de facto.
Look at all the different cell phone systems we have available to us... pretty great, huh? Except that they are incompatible with each other, have different coverages, and infrastructure is at least tripled to accommodate different standards without tripling the bandwidth.
I think competition is a great thing.. once you have standards in place, not as a knee-jerk reaction to getting the job done best.
Also, Cook county kicks Lake county's ass.
This comment is guaranteed*
*not guaranteed
Wait a sec -
You know you're running an unsecured wireless network and you want tools to find the 'rogue' people using it?
You're going to *buy* this tool?
Why don't you just secure the network?
Even WEP, with all its faults, will keep out casual stumblers. Use a VPN if you need real security.
When I see a wireless network with no WEP and a DHCP server, I see a 'welcome Mat'. I assume it's OK for me to check my mail or browse the web a bit.
In fact, I no longer have to do anything to set up my laptop - Os X Jaguar sets up the connection for me.
There's an old saying that good fences make good neighbors - I think that applies to wireless networks as well...
Cheers,
Jim
(PS - Go ahead, be a dork - mod me overrated instead of replying. I no longer care.)
-- My Weblog.
It may be a good idea in terms of lowering prices and increasing access (to neighborhoods that currently don't have any broadband options) but anything that's part of a city's infrastructure will be regulated as such. Not to mention that Big Brother won't have to go far to log and snoop on your browsing habits, etc. I can imagine way too much potential for abuse in such a scenario.
-- Never hit a man with glasses. Hit him with a baseball bat.
...might fulfill your powerbook wardriving needs :
get it here
I tested it and it works great
blaah !
So when you're the internal auditor and your job is to find this stuff it would be one way to check on it. Also it's good to run something like this coupled with an alerting engine so that when/if something goes wrong the right people are told about it.
... is it just me, or did I miss something?
Because it seems to me that the parent and all the replies up to me seem to be missing the point that this story is about programs to prevent people from connecting unauthorized to wireless networks...
The economics of utilities with large capital costs and large captive populations were worked out in the 1880s. The conclusion then was that either a government owned utility, or a highly regulated private monopoly, was the best solution. I don't know of any fundamental law of economics that has changed since then.
sPh
Privatizing roads == stupid.
You can't have competition in Roads. It's not like there are going to be 6 functionally identical roads all going to the same place. So the 1 road that does go there will charge a 100$ per car toll. And you either pay that, or you drive 250 miles out of your way to go around the countryside to get to where you are going. That's not competition.
There's also no motivation to improve the road if there isn't an alternate road people can take.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
Unfortunately that URL (kismetwireless.org) is NOT the place you're looking for. Kismet, the 802.11b godsend, can be found at http://www.kismetwireless.net. This is an AWESOME tool, and I have to say I've been using it ever since I bought my Linksys WCP-11 (I'm broke, hence no Cisco gear) a while back. Dragorn, the guy who wrote it and maintains it, is one hell of a code-slinger, and can be found on IRC if you get really stuck with something. He also spoke at H2K2 this year about kismet, for those of you who wen
"Hell hath no fury like a woman scorned for SEGA. ..."
And the Airport basestation works under Linux as well. There is a configurator etc here. The only problem is that parts of it (last time I checked) were closed source. Plus there can be problems with java and swing (help offer the debian people here).
It's cheap, easy to set up and has good security features which can be viewed here.
For small wireless installations (personal/home/small user), why not just limit the MAC address of those who are permitted on the wireless network?
Relive the BBS Past - One Byte at a Time! www.ssabbs.com
the economics of utilities ... were worked out in the 1880s by marxists and other utopianists with an alternate agenda. Can you imagine Thomas Edison, Rockefeller, Hoffa or anyone else arguing that they should be smaller?
Of course they'll find an economist who will say allowing them to run an industry is the most efficient way to do things. Funny thing though how Standard Oil was broken up even though they were the most efficient producer...
An amusing anecdote is that this same agenda had been used by Microsoft to justify its "self-normalizing monopoly" claim. E.g. operating system costs spread over all PCs are lower with a monopoly, and there are no compatibility issues. In a sense, you can see the argument if this economic cost/unit objective is the only criterion you use.
However, there are other consequences, political, economic, behavioral, etc. Monopolies have a slight problem with ending up unaccountable. Fantasies of government regulation aside, the regulators quickly normalize to either being in the monopoly's pay, or get replaced by pro-monopoly officials. Or you'll have scenarios where the regulators control the power and grow their monopoly through special deals with select associates, kickbacks, etc.
Look at the status of both US political parties - both are nearly identical in that they're run by large organizations pursuing dominance in their industry/sector. It doesn't matter if it's a union, a Fortune 1000, or an industry association, the motivation is the same (and so is the corruption). Enron, RIAA, AFL-CIO, Global Crossing, NAB, etc.
As any honest German will tell you, efficiency shouldn't be your only objective.
*scoove*
word...
I've been using it for a little myself.
Interesting little thing about Kismet - Apparently Netstumbler is not entirely passive (Otherwise it wouldn't be detectable). Unless your driver is bugged or you have an unsupported card, Kismet is purely passive. Even better, while NS only works with Orinoco (and maybe Aironet) cards, Kismet works with Prism2 cards.
That said - With the exception of the last of the 3 utilities, most of them seem to be pretty similar to Netstumbler.
Apparently Kismet currently (for whatever reason) seems to ignore Netstumbler packets for some reason, but this is considered to be a bug. Implementing Netstumbler detection is apparently not far off.
retrorocket.o not found, launch anyway?
What if you just like the idea of setting up a WAP and letting anyone who happens by use it? It's not like some guy is gonna sit on the sidewalk outside my house and leech pr0n all day... If I do decide to do that, I'd limit the bandwidth available on the WAP to something like 20% of my total bandwidth. That's still pretty decent... Then I would log everyone/thing that connected to it and see if I could use it to find other geeks in my local area.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
I went wardriving this past weekend.
:)
Orinoco silver, no ext antenna, laptop inside the car (lots of nice metal shielding)
Probably 1/3 of the networks heard (45 found in a relatively short loop) were factory default Linksys boxes.
There are a total of *3* 802.11 networks near my house.
One on Ch11 with a custom SSID (mine - No WEP, I don't really care. I'm in the boonies and not much damage someone could do)
Two on Ch6, one factory default Linksys, one listed as by Kismet. Needless to say, those two weren't going to be getting max performance.
retrorocket.o not found, launch anyway?
In a good number of places (I'd almost say everywhere, but I can only say for certain everywhere I've ever lived), you in fact DID have to register bikes, but it's not a widely enforced law.
moron, read the post
it's about detecting leeches
christ
First of all, the USPS functions with massive subsidies from the government, as well as with increases in postage that outstrip inflation.
Second, I see plenty of standards in place already on the internet; TCP/IP? HTTP? FTP? Even with wireless there are standards in place. We don't need a government with a proven track record of screwing things up to meddle even more.
Finally, comparing the state of cellular affairs in a country such as the US (which is where cellular technology got its start) and anywhere else (which had the benefit of learning from our mistakes) is ludicrous. In Europe, a poster child for an excellent mobile system, there are still multiple providers, each with their own spectrum and equipment.
As for your comment about Lake and Cook counties, I'm not sure what they are, but based on your record with this posting, I'm guessing you're wrong about that as well.
Only on slashdot can a posting be rated "Score -1, Insightful".
For users of GNU/Linux who would like to peep on others on your tcp/ip network: Driftnet
I won't tell you about the pics of a Ballroom-Gown-Wearing-Cross-Dresser who appeared on my GNU/Linux box here in my cube about 15 seconds after firing Driftnet up.. scary...
That ain't a link to the application either! It's a forum where others are talking about the application. There might be a link to it somewhere in the forum, but if there is then that is what you should have posted under this title. First link I found was just for a dll that the application uses, not sure if there really is a link to the application.
I'm an American. I love this country and the freedoms that we used to have.
Easy there Alice.
Happy T*ll Tuesday. Weiner.
"I got yo ass" -Spoonie love
If you are a good little network admin, then you've already secured your network ... so you would only be detecting yourself ... What fun is that?
HallmarkOrnaments.Com
The stable version doesn't do anything special with NS packets, just logs them.
The -devel tree detects them and raises an alert that one is detected.
-m
Most sniffing is passive. You can't detect a card that is not transmitting. If they mean rogue access, they need to use the right terminology.
You also need a completely up-to-date list of correct MAC addresses since those can be changed or spoofed. And to know whose computer is on or off (or that the laptop is on the south side of the building so having the MAC attached to the north AP is suspicious).
Then there is the possibility of a rogue AP meshing with your network.
And there would be a huge problem with things like nocat where you won't know the MAC address. Combine this with the IE SSL cert or similar vulnerability, and you can jump on a session.
There isn't a lot of security built into WiFi. You need to put things at a different layer (wifi is outside the DMZ, use vpn), or it would be a nightmare keying the APs to MACs which can be spoofed anyway.
OK, there are some lame problems with the current system, the one you mentioned about cable companies penalizing users who subscribe to the system to get high bandwidth is a perfect example. But taking your logic, isn't food even more important than Internet access? If it is, shouldn't we replace all the grocery stores with a government run grocery system? Would you really want to get your food from a grocery store run by the government? Do you think you would still have a choice to buy at the private stores? How many of them could afford to stay in business if all of their customers were also paying the food tax and getting food at the government store? And what do you think the new prices for food at the remaining exclusive private stores would be? Could you afford to eat from such stores or would you have to eat whatever the government stores decide is good enough for you?
Look at what has happened to our education system. Sure, there are still private schools, but few can afford to send their children to them and also pay the taxes for the awful government run schools. The school system is so bad that many in government advocate a voucher system, which is an admission of the failure of the public schools. And you want these people to take more control of what we get?
Sure, there are problems with the current system. But ask why. My answer is because we already have too much government meddling in what should have been a free market. By granting monopoly powers to a single phone company and cable company in an area, they have greatly limited the consumer choices for service. Without that monopoly, pitching customers the benefit of high speed access and then penalizing them for using it wouldn't be tolerated, there would be other providers who would be glad to take the customers. With the monopoly in place we get the type of system we have. Why not strengthen the monopoly by giving it to the Post Office? No Internet access Saturdays, Sundays or Holidays.
I'm an American. I love this country and the freedoms that we used to have.
A neat trick is to make a router that only allows known IPs, and assigns dynamic IPs for a special restricted subnet. Then, run a few apps on the subnet to watch what the "incoming" is doing. If known hacker activities are occurring, why not have your network fight back and attempt to hack *THEIR* machine. After all, they are connected to your network, which means you are connected to them... perhaps you can test how secure their machine is.
That or post public files on the subnet that do fun things to those foolish enough to download them... ~ Tild-e or Tild-ee? That is the question..
I think you make several excellent points, but I do feel like the government's (we the people's) job is to provide the best basic infrastructure for allowing commerce to flourish. It's the concept behind road building. If the Internet isn't a road, what is it?
Can I bum a sig?
OK, cool, thanks.
Been using Kismet for a few days and it's *great*, other than the fact that the -L option to gpsmap (labeling) is busted.
retrorocket.o not found, launch anyway?
The Internet ain't a road, no matter what its inventor Al Gore tells us. Reminds me of the "an elephant must be like a tree" story. That's one danger of analogies, some people will carry them to false conclusions and dangerous extremes.
I'm not sure I even like the idea of the government even running our roads, but that's another (off topic) issue. But a road must have access to land (private property) that in most cases completely eliminates the use of that property for any other use. Not so with the Internet. The basic infrastructure there, when run on dedicated lines, can be buried and co-exist with other uses of the property. No "taking" of private property is required as it is with putting down an Interstate highway, just the much less oppressive right of free access through a property (a concept I find no fault with, as it is understood when society grants private ownership to property). There are also various plumbing systems that go below ground and pass through private property. So maybe a much better analogy would be rather than calling the Internet an Information Highway it should be called the Information Sewage System.
I'm an American. I love this country and the freedoms that we used to have.
The US Post Office gets no direct financial subsidy from the Government, and has not gotten any such subsidy for at least 10 years.
They do have an artificial, Constitutionally-allowed monopoly on certain types of mail.
As soon as I get my AP, I will be setting it up for port 80 and 110 public use for wardrivers to use. No WEP, broadcast mode, and a friendly SSID of "AP for Public Use :)"
:)
I certainly don't expect anyone to take advantage of my connection, a) because I will do my best to secure it and b) being a wardriver myself, I think any wardriver who sees my AP will think it's a cool concept, and they can check their email, movie times, upload stumbling data, etc.
I know quite a few others that are setting up similar APs.
When I go wardriving, I rarely even get on APs, it's mainly just for collection, making cool maps, and competing with my friends to see who can get the most with their equipment/time.
I have no desire to bring down anyone's network, although it is definitely something that could easily be done in certain circumstances
Is most access points have this type of thing built in. Mine does and I got a Linksys. No big hairy deal really. Go to a web page on the router and click a button and poof you have a list of all users on the wireless. Quick. Simple.
Gorkman
Um, not sure what is the mystery. Every Access Point allows the owner to see who is on the access point in realtime (association table) or historic (logs).
Any commercial-grade access point, like any other network device, also has SNMP capability to report the info if you want.
Hmmm, deregulation might have caused cable companies to jack their prices, but competition has made them lower them again. I live in an area where RCN has been going head to head with ATT, and cable prices keep dropping. Or as a counter example...what do you think will happen now that Dish Networks and DirectTV are merging...Will this lead to better service for the consumer or increased rates? Almost all public libraries have internet access now...that's enough for society's responsibility to itself to be connected IMHO.
Nothing great was ever achieved without enthusiasm
During the California "energy crisis", publicly owned utilities in CA weren't having any problems and weren't going through blackouts.
I can't get onto their network. They have some weird edge security. Has anyone else got on?
3 sq.km. demo area at: http://roamad.com/roam_home_demo.html
The infancy is in the business model. Hotspots are wrong. We need metropolitan WLANs. This will be the next big thing.
See title...
What is wrong with arpwatch?
"apt-get install arpwatch" and the ARP table is monitored for new stations, station changes, etc. You stay up-to-date by email.
--- Hindsight is 20/20, but walking backwards is not the answer.
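The ARP-table monitoring described in the comment above (new stations, station changes), as an added example that is not part of the original thread and is not arpwatch's own code. It assumes snapshots in the Linux `/proc/net/arp` text format; the addresses, the `StationWatch` class and the event names are constructed for illustration.

```python
import re
from collections import namedtuple

Event = namedtuple("Event", "kind ip mac old_mac authorized")
MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
ATF_COM = 0x2  # Linux ARP flag: entry is complete (a MAC was resolved)


def parse_proc_net_arp(text):
    """Return {ip: mac} from /proc/net/arp text, dropping incomplete entries."""
    entries = {}
    for line in text.strip().splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        if flags & ATF_COM and MAC_RE.match(mac):
            entries[ip] = mac
    return entries


class StationWatch:
    """Remembers IP-to-MAC pairings and reports what changed per snapshot."""

    def __init__(self, authorized):
        self.authorized = {m.lower() for m in authorized}
        self.last_mac = {}  # ip -> MAC seen on the previous observation
        self.seen = set()   # every MAC observed so far

    def observe(self, snapshot):
        events = []
        for ip, mac in sorted(snapshot.items()):
            old = self.last_mac.get(ip)
            known = mac in self.authorized
            if old is not None and old != mac:
                # Same IP, different hardware address than last time.
                events.append(Event("station change", ip, mac, old, known))
            elif mac not in self.seen:
                events.append(Event("new station", ip, mac, None, known))
            self.last_mac[ip] = mac
            self.seen.add(mac)
        return events


def alerts(events):
    """Keep only events worth mailing: unlisted MACs and any pairing change."""
    return [e for e in events if not e.authorized or e.kind == "station change"]


def replay(snapshots, authorized):
    """Feed raw snapshot texts through one watcher; return events per round."""
    watch = StationWatch(authorized)
    return [watch.observe(parse_proc_net_arp(s)) for s in snapshots]


# --- Constructed sample data (locally administered MACs, private IPs) ---
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
ROW_PC1 = "192.168.1.10     0x1         0x2         02:00:00:aa:00:01     *        eth0\n"
ROW_PC2 = "192.168.1.11     0x1         0x2         02:00:00:aa:00:02     *        eth0\n"
ROW_INCOMPLETE = "192.168.1.50     0x1         0x0         00:00:00:00:00:00     *        eth0\n"
ROW_STRANGER = "192.168.1.77     0x1         0x2         02:00:00:ff:00:99     *        eth0\n"
ROW_TAKEOVER = "192.168.1.10     0x1         0x2         02:00:00:ff:00:99     *        eth0\n"

AUTHORIZED = ["02:00:00:AA:00:01", "02:00:00:AA:00:02"]  # the two owned machines
SNAP_1 = HEADER + ROW_PC1 + ROW_PC2 + ROW_INCOMPLETE
SNAP_2 = HEADER + ROW_PC1 + ROW_PC2 + ROW_INCOMPLETE + ROW_STRANGER  # third MAC
SNAP_3 = HEADER + ROW_TAKEOVER + ROW_PC2  # unlisted MAC now answers for .10

if __name__ == "__main__":
    for n, events in enumerate(replay([SNAP_1, SNAP_2, SNAP_3], AUTHORIZED), 1):
        for e in alerts(events):
            print(f"snapshot {n}: {e.kind} {e.ip} {e.mac} (was {e.old_mac})")
```

A station that presents an already-authorized MAC at its usual IP produces no event here, which is the spoofing limitation other comments in the thread raise.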
It's a metaphor. Roads take you places, lead you to new 'lands'. In the case of the Internet the roads (pipes, if you prefer) are taking you to other places. Those places just happen to be hard drives. Or 'cyber' versus 'real' space. Al Gore may not be my favorite person, but he recognizes a good analogy when he sees one.
Can I bum a sig?
Please note that I did not abuse my +1 bonus for this comment. Thank you.
Can I bum a sig?
Good counter example is with the Los Angeles Department of Water and Power: before Enron were recognized as breaking the rules that favored them by giving them public-goods for a song, they were not popular in California because of how their "free-market" screwed up power supply. LADWP (gross, corrupt government bureaucracy that it was) was able to provide power with no blackouts, brownouts or interruptions during the long, hot summer of 2001. Immediately abutting LA city was Santa Monica City, (they're so contiguous that you'd find it hard to know where one stopped and the other started) which had bought into the "get government out of public services and bring in the robber barons instead" myth. They had blackouts.
Privatizing some things doesn't make sense: it's too hard to separate out the costs and benefits, too hard to prevent local profit-driven corruption, too hard to do anything without creating a less-efficient regulation regime which is government in all but name.
Give it up.
Looks like IBM has an interesting wireless IDS product. Perhaps they should use it themselves, as it's just a rumor that you can sit at the end of my road and jack their bandwidth from a plant. Rumor purely.
This comment is guaranteed*
*not guaranteed