Detecting 802.11 Discovery Apps
Joshua Wright writes "I have written a white paper on detecting 802.11 Wireless LAN Network Discovery applications. Wireless LAN discovery through the use of applications such as NetStumbler, DStumbler, Wellenreiter and others is an increasingly popular technique for network penetration. The discovery of a wireless LAN might be used for seemingly innocuous Internet access, or to be used as a "backdoor" into a network to stage an attack. This paper reviews some of the tactics used in wireless LAN network discovery and attempts to identify some of the fingerprints left by wireless LAN discovery applications, focusing on the MAC and LLC layers. This fingerprint information can then be incorporated into intrusion detection tools capable of analyzing data-link layer traffic."
This 802.11 discovery application detection is clearly a victory for the RIAA, MPAA, BSA, and associated subsidies such as AOL/Time-Warner and Microsoft. As all MP3 goonies know, illicit data is often served from hacked sites. Wireless at 11Mbps is elusive to the warez community, and by detecting this it may be possible for anti-warez busters to detect warez d00ds on the spot, decloaking their IP-based anonymity due to 802.11's cellular IP range.
"The lesson to be learned is not to take the comments on slashdot too literally." --Vinnie Falco, BearShare
Setting aside that ESSID discovery software is inherently passive.
All this fuss and mud slinging over WiFi seems to be missing the point. It is built on an invalid premise: that 'this network' belongs to the AP owner. 802.11b uses public airspace; it does not belong to anybody, it belongs to everybody, just like the Internet backbone. It is designed to be open, and should remain so. If somebody wishes to use it privately for their secure traffic they should treat it as they would a PVC the net at large.
Accept it is an open technology standard and secure their machines and traffic as necessary, as they would on the Internet at large. The physical network itself cannot and should not be closed.