Wireless Camouflage?
Anonymous Coward writes "Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Fake AP is a proof of concept released under the GPL."
Fake breasts?
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
So I get a list of hundreds of access points. My trusty computer can be programmed to check them all one by one. Only the legit one will respond. I realize this is a bit slower, but I think the number of fake APs needs to be huge to hurt the war drivers.
In fact, I think that the problem with this solution is the amount of effort expended in defense is equal to the amount of effort for the war driver. You've got to have a PC pumping out fake APs constantly. Both radio modems are putting out the same bandwidth. This isn't a good equation for most of us.
Good encryption, on the other hand, takes only a few cycles to do but a gazillion cycles to undo. That's a great ratio of defense to offense.
Plus, don't the fake APs still end up jamming the channel? If you're faking an AP, someone else can't use the channel on that microsecond. Given that wardrivers come only occasionally, but the jamming goes on constantly, I think that the legitimate users will pay a big price in network access for something that would only slow war drivers down a bit.
But I may be wrong.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
that doesn't eat up bandwidth on your network, is to simply disable beacons on your AP. Having thousands of beacons sent makes it fairly obvious that there's an actual AP somewhere in the area, and there are other ways to determine the real network name.
Admittedly, not all APs allow beacons to be disabled. But then, Kismet doesn't need them at all to detect networks.
Same for Brooks' law, for all the people who love to invoke that one. It's not a formal proof that adding a developer will necessarily delay a project.
What I'm listening to now on Pandora...
Let's hope that this concept is never applied to physical security. Imagine working in an office/cubicle with 32 keyboards and 64 mice, RJ45 and RJ11 jacks everywhere, throw in some extra PC cases to fill every inch under your desk -- with only one of each that actually works.
First, uncloaking networks. Then, invisible cloaks. Now, cloaking networks.
Next thing you know, we'll see a post about the invention of visible cloaks.
Good judgment comes from experience.
Experience comes from bad judgment.
This won't do anything to hide an active network, people will just look at the data traffic instead of the beacons.
As a wardriver, I think that this would definitely confuse and annoy anyone driving around.
However, I've noticed that companies with wireless APs tend to be in clusters in close vicinity to each other. I'm just wondering what the effects on the person's neighbor would be. I could just see someone running this and just confusing the hell out of his neighbors. It would be even worse if the fake broadcasts were on different channels; then there would be real chaos with legit users.
Fun to play with, but not practical for production since a determined attacker would wade through the data to get your real SSID
Just my $0.02
Where are we going, and why are we in this hand cart?
It seems to work very well and would foil would-be wardrivers.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Or you could just secure your system(s). There are better ways to protect yourself than this. This is just obscurity. It is like trying to avoid sexually transmitted diseases by dressing as a transvestite. Sure, it may work, but there are much better solutions.
Moon Macrosystems. Sun's biggest competitor.
Am I the only one who saw this and thought of Starbucks?
:-)
no sig.
That's probably its Achilles' heel. If you measure which AP has the most traffic, you've blown past any illusion of security this gives you.
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"
It's not security through obscurity, it's creating a forest around your tree. While I may be able to secure the machines on my network, use a VPN for all transactions over the wireless network, there's no real way to secure my access point. WEP is a joke, plain and simple. If someone gets on my wireless network unauthorized by me, I'm liable for whatever shit they might pull through my internet connection, so I don't see the supposed stupidity in making it a lot harder for someone to find the real access point. I have my doubts that this software is as effective at what it's trying to do as its author(s) claim, but even so, it narrows the potential abusers of my network down to the determined, patient, and lucky. No security is perfect. You just have to run faster than the slowest guy to avoid getting eaten by the lion, you know?
And a better analogy would be trying to avoid venereal disease by dumping condoms all over the place so it's a veritable certainty that you'll be within reach of one wherever you happen to find yourself doing the nasty.
A better
and they had lots of dumb windows clients trying to associate with them
Which is exactly why this is a bad idea. The software doesn't just send beacons. It requires you to install a driver which contains full AP functionality, and then starts configuring it with a random MAC address and common, well-known SSIDs, every quarter second. Which means that anybody within range who happens to have "linksys", or "tsunami", or any of a handful of common SSIDs is going to be out of luck when their laptop connects to whomever is running this Alchemy "tool". People who set up broken APs with liberal (i.e. wide open) security are assholes. And that's exactly what this software does.
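Two observations in this thread are worth seeing in code from the defender's side: fake APs only ever beacon while the real one also carries data frames (the "measure which AP has the most traffic" point above), and Fake AP cycles a random MAC with a common SSID every quarter second, which is also what lets a wireless IDS spot it and what puts nearby "linksys"-configured laptops at risk. The following is an added example, not code from the Fake AP project or from any poster here. The frame records, BSSIDs, SSIDs, window size and thresholds are constructed assumptions; the function names are hypothetical.

```python
"""Wireless-IDS-style checks over a constructed 802.11 frame summary.

Added example (not the Fake AP project's code). The capture below is
constructed by hand, not recorded from a real network.
"""
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple


class Frame(NamedTuple):
    ts: float      # seconds since capture start
    kind: str      # "beacon" or "data"
    bssid: str     # transmitter address (AP MAC)
    ssid: str      # empty for data frames
    channel: int


def beacon_flood_windows(frames: List[Frame], window_s: float = 5.0,
                         new_bssid_threshold: int = 10) -> List[float]:
    """Start times of windows in which more than `new_bssid_threshold`
    never-before-seen BSSIDs started beaconing. A quiet office sees a
    new BSSID rarely; a sustained stream of fresh ones is a beacon flood.
    (Window size and threshold are assumed values for this example.)"""
    seen = set()
    new_per_window: Counter = Counter()
    for f in frames:
        if f.kind == "beacon" and f.bssid not in seen:
            seen.add(f.bssid)
            new_per_window[int(f.ts // window_s)] += 1
    return sorted(w * window_s for w, n in new_per_window.items()
                  if n > new_bssid_threshold)


def data_frames_per_bssid(frames: List[Frame]) -> Dict[str, int]:
    """Count data frames per BSSID; beacon-only BSSIDs do not appear."""
    return dict(Counter(f.bssid for f in frames if f.kind == "data"))


def likely_real_aps(frames: List[Frame], min_data_frames: int = 1) -> List[str]:
    """BSSIDs that both beacon and carry data. This is the self-check the
    thread describes: a beacon flood never hides an AP that has clients."""
    beaconing = {f.bssid for f in frames if f.kind == "beacon"}
    data = data_frames_per_bssid(frames)
    return sorted(b for b in beaconing if data.get(b, 0) >= min_data_frames)


def common_ssid_impersonation(frames: List[Frame],
                              common=("linksys", "tsunami", "default")
                              ) -> Dict[str, List[str]]:
    """Map each common SSID to the BSSIDs advertising it when more than
    one does. Multiple BSSIDs for the same well-known SSID is the condition
    under which auto-connecting clients may associate with the wrong AP."""
    by_ssid: Dict[str, set] = defaultdict(set)
    for f in frames:
        if f.kind == "beacon" and f.ssid.lower() in common:
            by_ssid[f.ssid.lower()].add(f.bssid)
    return {s: sorted(bs) for s, bs in by_ssid.items() if len(bs) > 1}


def build_sample_capture() -> List[Frame]:
    """Constructed capture: one real AP with client traffic for four
    seconds, plus a Fake AP-style flood (new BSSID, common SSID, every
    quarter second) for fifteen seconds on the same channel."""
    frames: List[Frame] = []
    real = "00:11:22:33:44:55"              # constructed address
    for i in range(40):
        frames.append(Frame(i * 0.1, "beacon", real, "corpnet", 6))
        if i % 2 == 0:
            frames.append(Frame(i * 0.1 + 0.05, "data", real, "", 6))
    fake_ssids = ["linksys", "tsunami", "default", "wireless"]
    for i in range(60):
        bssid = "02:00:00:00:%02x:%02x" % (i // 256, i % 256)  # constructed
        frames.append(Frame(i * 0.25, "beacon", bssid, fake_ssids[i % 4], 6))
    frames.sort(key=lambda f: f.ts)
    return frames


if __name__ == "__main__":
    cap = build_sample_capture()
    print("flood windows:", beacon_flood_windows(cap))
    print("real APs:", likely_real_aps(cap))
    print("impersonated SSIDs:",
          {s: len(b) for s, b in common_ssid_impersonation(cap).items()})
```

The flood detector keys on the rate of new BSSIDs rather than on beacon volume, because a dozen legitimate neighbours also produce a steady beacon stream; the data-frame check is the one a site should run against itself before relying on this kind of camouflage.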
Just because something is public does not mean that rules do not apply to this public space. A park is a public space but there are rules about how you can use it; the unlicensed spectrum used by 802.11b is available for anyone to use but you are still required to follow FCC regulations regarding how you operate within this spectrum. There are rules that dictate how your wireless card operates, how much power it can put into its signal, etc.
In fact, it might be wise of you to consider this in terms of another user of this particular segment of the spectrum -- cordless phones operating at 2.4 GHz. The signal goes out over the same unlicensed spectrum band, but if you were to create a base station which prevented your neighbors from using their cordless phone handsets (even if it was accidental) you could be fined for violating the FCC rules regarding this slice of the spectrum. If you were to monitor and record a transmission between the base station and remote node you would be breaking the law. If you created a phone handset that masqueraded as your neighbor's handset and used his phone base station (and phone line) for your calls you would be breaking the law. Both offenses can bring stiff fines and jail terms, something that aggressive wardrivers and 802.11b access point "borrowers" might want to keep in mind...