Slashdot Mirror
Detecting Wireless LAN Users
technosavvy writes "With wireless home networks and applications like NetStumbler becoming so popular, it's surprising that there are so few consumer-oriented applications that help monitor who is connecting to your wireless network. Bob Brewin of ComputerWorld lists three tools with this purpose in mind in his article "Tools for detecting rogue wireless LAN users"." I just like running etherape.
Wireless lan technology is still in it's infancy, the thing is that people are more interested in hacking/cracking wireless networks than protecting them at the moment. That will change as people realise how insecure the default settings are.
So what if you can detect when a rogue has connected to your wireless network. A passive data gatherer connected to your wireless network can often times gain enough information to connect to your network externally (Internet, VPN, etc). So just knowing that noone is actively using your wireless network doesn't mean that noone is hacking your network because of your wireless network.
No. I think most of the
Now, it would be real funny if you were a spammer making that statement.
Fight Spammers!
Slashdot and its readers have always been consfused about the differences between digital rights and petty theft. I've had to turn a blind eye to it just to keep the bile down in my throat when I read the page.
Finally, math books without any of that base 6 crap in them.
Check out Kismet over here. It can run on Linux PDA's like the Zaurus and iPaq as well as your laptop. It also has GPS support and speach output (through festival).
I know this is not a radical idea, but I'm going to say it again. I think broadband Internet access should become part of a city's infrastructure, like roads and garbage service. I'd even pay for it like a utility (like water treatment or gas). God knows it'd get rid of silly little disputes over 'stealing' or redistributing bandwidth and cable companies penalizing users for doing what they signed on to do...use lots of bandwidth.
Can I bum a sig?
For corporations with Mucho Moolah(TM), you can get ISS Wireless Scanner ( http://www.iss.net/products_services/enterprise_pr otection/vulnerability_assessment/scanner_wireless .php ).
Actually it's a pretty cool product, it'll detect access points with SSID broadcast turned off, it'll detect wireless users, it'll even try to break into the access points (haven't used the feature much, so I'm not sure what it tries to do there).
Unfortunately it only runs on Win 2000 (I run it on XP, but that's unsupported), and only works with Orinoco cards and a couple of the known derivatives. On the plus side, it's got all the cool alerting features like SNMP and SMTP, and it has the "authorized list" of access points to minimize false positives...
-Jack Ash
PS: No, I'm not affiliated with ISS, but I run and administer their products at my office, including Wireless Scanner.
In most places in the country, people pay individually for their garbage service, water and gas. If I'm paying by the bag, you better damn well not put your trash in my can.
The only service that can't be stolen is free service, and there simply isn't such a beast. Hell, even roads aren't free. If you have an unregistered car (and thus, have paid no taxes), you can't legally use the road.
This is all good for network security assurance and auditing, but doesn't fix the basic security problems with using WLAN 802.11 technology. I suggest that we use a new security model for WLAN security:
1) Obscure SSID names and WEP should not be used on your WLAN just to provide management/users with a false sense of security;
2) Put the WLAN access point outside your firewall (layer 1 security);
3) Use firewall VPN technology for layer 2 security;
4) Use IPSec protocol for network layer 3 encryption;
5) Use digital certificates for layers 4-6 strong authentication;
6) Enforce Corporate security policy on WLAN deployment & use;
7) Regular audit and security assurance work to detect the addition of new WLAN points to your network.
There are good reasons for using WLANs, and you probably can't stop the keeners from adding access points, but you can try to mandate how they will be added in a secure and managable fashion.
Cheers,
-wjc.
"I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
Weeeelllll, I didn't install the Wireless encryption software (don't remember the exact name) and would instead unplug the wireless HUB when I wasn't using it. One weekend, I forgot to do this. Out of curiousity, I check the ARP on my DSL switch and found _3_ MAC entries. I only have 2 computers...
Was this my own fault? Yes, absolutely, no question. Was I a moron for not configuring and running the WEP (Wireless Encrption Protocol)? Again, yes. But think about all the wireless LAN products being sold and how many are protected, or NOT protected.
Where has your internet connection been today?
Computer Science is Applied Philosophy
This is exactly correct. 802.11 should ALWAYS be used OUTSIDE firewalls, and considered standard, public, insecure internet service. Then use IPSec plus whatever additional features are required to get into the private network.
sulli
RTFJ.
Wait a sec -
You know you're running an unsecured wireless network and you want tools to find the 'rogue' people using it?
You're going to *buy* this tool?
Why don't you just secure the network?
Even WEP, with all its faults, will keep out casual stumblers. Use a VPN if you need real security.
When I see a wireless network with no WEP and a DHCP server, I see a 'welcome Mat'. I assume it's OK for me to check my mail or browse the web a bit.
In fact, I no longer have to do anything to set up my laptop - Os X Jaguar sets up the connection for me.
There's an old saying that good fences make good neighbors - I think that applies to wireless networks as well...
Cheers,
Jim
(PS - Go ahead, be a dork - mod me overrated instead of replying. I no longer care.)
-- My Weblog.
...might fulfill your powerbook wardriving needs :
get it here
I tested it and it works great
blaah !
So when you're the internal auditor and your job is to find this stuff it would be one way to check on it. Also it's good to run something like this coupled with an alerting engine so that when/if something goes wrong the right people are told about it.
The economics of utilities with large capital costs and large captive populations were worked out in the 1880s. The conclusion then was that either a government owned utility, or a highly regulated private monopoly, was the best solution. I don't know of any fundamental law of economics that has changed since then.
sPh
Privatizing roads == stupid.
You can't have competition in Roads. It's not like there are going to be 6 functionally identical roads all going to the same place. so the 1 road that does go there will charge a 100$ per car toll. And you either pay that, or you drive 250 miles out of your way to go around the countryside to get to where you are going. That's not competition.
There's also no motivation to improve the road if there isn't an alternate road people can take.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
the economics of utilities ... were worked out in the 1880s by marxists and other utopianists with an alternate agenda. Can you imagine Thomas Edison, Rockefeller, Hoffa or anyone else arguing that they should be smaller?
Of course they'll find an economist who will say allowing them to run an industry is the most efficient way to do things. Funny thing though how Standard Oil was broken up even though they were the most efficient producer...
An amusing anacdote is that this same agenda had been used by Microsoft to justify its "self-normalizing monopoly" claim. E.g. operating system costs spread over all PCs are lower with a monopoly, and there are no compatibility issues. In a sense, you can see the argument if this economic cost/unit objective is the only criteria you use.
However, there are other consequences, political, economic, behavioral, etc. Monopolies have a slight problem with ending up unaccountable. Fantasies of government regulation aside, the regulators quickly normalize to either being in the monopoly's pay, or get replaced by pro-monopoly officials. Or you'll have scenarios where the regulators control the power and grow their monopoly through special deals with select associates, kickbacks, etc.
Look at the status of both US political parties - both are nearly identical in that they're run by large organizations pursuing dominance in their industry/sector. It doesn't matter if its a union, a fortune 1000, or an industry association, the motivation is the same (and so is the corrution). Enron, RIAA, AFL-CIO, Global Crossing, NAB, etc.
As any honest German will tell you, efficiency shouldn't be your only objective.
*scoove*
I've been using it for a little myself.
Interesting little thing about Kismet - Apparently Netstumbler is not entirely passive (Otherwise it wouldn't be detectable). Unless your driver is bugged or you have an unsupported card, Kismet is purely passive. Even better, while NS only works with Orinoco (and maybe Aironet) cards, Kismet works with Prism2 cards.
That said - With the exception of the last of the 3 utilities, most of them seem to be pretty similar to Netstumbler.
Apparently Kismet currently (for whatever reason) seems to ignore Netstumbler packets for some reason, but this is considered to be a bug. Implementing Netstumbler detection is apparently not far off.
retrorocket.o not found, launch anyway?
What if you just like the idea of setting up a WAP and letting anyone who happens by use it? It's not like some guy is gonna sit on the sidewalk outside my house and leech pr0n all day... If I do decide to do that, I'd limit the bandwidth available on the WAP to something like 20% of my total bandwidth. That's still pretty decent... Then I would log everyone/thing that connected to it and see if I could use it to find other geeks in my local area.
Kintanon
Check out JoshJitsu.info for Brazilian Ji
I went wardriving this past weekend.
:)
Orinoco silver, no ext antenna, laptop inside the car (lots of nice metal shielding)
Probably 1/3 of the networks heard (45 found in a relatively short loop) were factory default Linksys boxes.
There are a total of *3* 802.11 networks near my house.
One on Ch11 with a custom SSID (mine - No WEP, I don't really care. I'm in the boonies and not much damage someone could do)
Two on Ch6, one factory default Linksys, one listed as by Kismet. Needless to say, those two weren't going to be getting max performance.
retrorocket.o not found, launch anyway?
In a good number of places (I'd almost say everywhere, but I can only say for certain everywhere I've ever lived), you in fact DID have to register bikes, but its not a widely enforced law.
For users of GNU/Linux who would like to peep on others on your tcp/ip network: Driftnet
I wont tell you about the pics of a Ballroom-Gown-Wearing-Cross-Dresser who appeared on my GNU/Linux box here in my cube about 15seconds after firing Driftnet up.. scary...
That ain't a link to the application either! It's a forum where others are talking about the application. There might be a link to it somewhere in the forum, but if there is then that is what you should have posted under this title. First link I found was just for a dll that the application uses, not sure if there really is a link to the application.
I'm an American. I love this country and the freedoms that we used to have.
OK, there are some lame problems with the current system, the one you mentioned about cable companies penalizing users who subscribe to the system to get high bandwidth is a perfect example. But taking your logic, isn't food even more important than Internet access? If it is, shouldn't we replace all the grocery stores with a government run grocery system? Whould you really want to get your food from a grocery store run by the government? Do you think you would still have a choice to buy at the private stores? How many of them could afford to stay in business if all of their customers were also paying the food tax and getting food at the government store? And what do you think the new prices for food at the remaiming exclusive private stores would be? Could you afford to eat from such stores or would you have to eat whatever the government stores decide is good enough for you?
Look at what has happened to our education system. Sure, there are still private schools, but few can afford to send their children to them and also pay the taxes for the awful government run schools. The school system is so bad that many in government advocate a voucher system, which is an admission of the failure of the public schools. And you want these people to take more control of what we get?
Sure, there are problems with the current system. But ask why. My answer is because we already have too much government medeling in what should have been a free market. By granting monopoly powers to a single phone company and cable company in an area, they have greatly limited the consumer choices for service. Whithout that monopoly, pitching customers the benefit of high speed access and then penalizing them for using it wouldn't be tolerated, there would be other providers who would be glad to take the customers. With the monopoly in place we get they type of system we have. Why not strengthen the monopoly by giving it to the Post Office? No Internet access Saturdays, Sundays or Holidays.
I'm an American. I love this country and the freedoms that we used to have.
I think you make several excellent points, but I do feel like the goverment's (we the people's) job is to provide the best basic infrastructure for allowing commerce to flourish. It's the concept behind road building. If the Internet isn't a road, what is it?
Can I bum a sig?
OK, cool, thanks.
Been using Kismet for a few days and it's *great*, other than the fact that the -L option to gpsmap (labeling) is busted.
retrorocket.o not found, launch anyway?
The Internet ain't a road, no matter what it's inventor Al Gore tells us. Reminds me of the "an elephant must be like a tree" story. That's one danger of analogies, some people will carry them to false conclusions and dangerous extremes.
I'm not sure I even like the idea of the government even running our roads, but that's another (off topic) issue. But a road must have access to land (private property) that in most cases completely eliminates the use of that property for any other use. Not so with the Internet. The basic infrastructure there, when run on dedicated lines, can be buried and co-exist with other uses of the property. No "taking" of private property is required as it is with putting down an Interstate highway, just the much less oppressive right of free access through a property (a concept I find no fault with, as it is understood when society grants private ownership to property). There are also various plumbing systems that go below ground and pass through private property. So maybe a much better analogy would be rather than calling the Internet a Information Highway it should be called the Information Sewage System.
I'm an American. I love this country and the freedoms that we used to have.
Is most access points have this type of thing built in. Mine does and I got a Linksys. No big hairy deal really. Go to a web page on the router and click a button and poof you have a list of all users on the wireless. Quick. Simple.
Gorkman
See title...
What is wrong with arpwatch?
"apt-get install arpwatch" and the ARP table is monitored for new stations, station changes, etc. You stay up-to-date by email.
--- Hindsight is 20/20, but walking backwards is not the answer.
Good counter example is with the Los Angeles Department of Water and Power: before Enron were recognized as breaking the rules that favored them by giving them public-goods for a song, they were not popular in California because of how their "free-market" screwed up power supply. LADWP (gross, corrupt government bureaucracy that it was) was able to provide power with no blackouts, brownouts or interruptions during the long, hot summer of 2001. Immediately abutting LA city was Santa Monica City, (they're so contiguous that you'd find it hard to know where one stopped and the other started) which had bought into the "get government out of public services and bring in the robber barons instead" myth. They had blackouts.
Privatizing some things doesn't make sense: it's too hard to separate out the costs and benefits, too hard to prevent local profit-driven corruption, too hard to do anything without creating a less-efficient regulation regime which is government in all but name.
Give it up.