Slashdot Mirror


Build an Open Source Network Sniffer

An anonymous reader writes "This article reviews common issues of wireless security, and shows how to use open source software to suss out wireless networks, get information about them, and start recognizing common security problems. You will learn how to build a lightweight wireless sniffer that runs on open source software and see how simple it is to interact with wireless networks."

7 of 99 comments

  1. Re:What I really want by ZiZ · · Score: 5, Informative

    What you really want is something like NoCatAuth (described nicely by this article). There are plenty of other similar solutions out there - look for 'linux wireless authentication gateway' or something similar on your favorite search engine.

    --
    This flies in the face of science.
  2. Re:What I really want by heavy+snowfall · · Score: 5, Informative

    Try ipcop, it can split off your network into a wireless part and a wired part, and even add a third zone for public servers. The wireless part defaults to not giving access to either the internet or your other, wired computers, and you have to add mac addresses to a table for wireless clients to be able to connect. And it has nice graphs too, so you can see if someone's using your connection. Use this with WPA and vpn maybe. If you want more security, use wired lan instead.

  3. Re:What I really want by john_g_galt · · Score: 5, Informative

    Sounds like you like something like this?

    From the website above:

    "NetReg is an automated system that requires an unknown DHCP client to register their hardware before gaining full network access. Through a simple web interface, the client is prompted for their user identification. Powerful scripts then retrieve the client's network fingerprint and store it along with the user's information in a database. The database provides administrators with real-time information for troubleshooting and auditing their networks. The entire system was developed utilizing unmodified, open-source servers and in-house developed CGI programs."

  4. Re:What I really want by nizo · · Score: 3, Informative
    ...add mac addresses to a table for wireless clients...

    Sadly this isn't very secure, since mac addresses can be faked (my wireless router already has this feature built-in). However it looks like ipcop has other types of authentication too [Version 0.2 of IPCop will include an Amber Zone (Wireless DMZ) which will support CIPE, IPSec or VPNd encrypted connections among other things] so I will check it out :-)

  5. Re:What I really want by heavy+snowfall · · Score: 3, Informative

    I know they can be faked, but it's still much better that if someone wants access to your network, they have to spend some time trying to figure out your mac and ip addresses than not, IMO.

    It's more of a deterrent than an unbreakable security measure, but add enough deterrents and that wardriver might just use your neighbour's unsecured network instead.

    And if they manage to get access, they still have to crack an iptables firewall to get to your servers. Good enough for me.

  6. Re:What I really want by MeanJeans · · Score: 3, Informative


    The problem with IPCop, and Smoothwall for that matter, is the inability to filter traffic outbound. All traffic originating on the "Green" (inside or internal) interface is permitted. Nachi and Slammer will fly right through this config. Any worm or virus or trojan that tries to use TFTP to download more tools will also be successful.

    Permitting only the traffic that needs to traverse a firewall IN ALL DIRECTIONS is a basic firewall/security concept.

    --
    =====
    imagetweak.net Web-based image t
  7. Re:Simple hardware solution by adamjaskie · · Score: 4, Informative

    The GS has twice the RAM and NVRAM of the regular WRT54G. This can be helpful as far as running packet sniffing apps on it is concerned.

    --
    /usr/games/fortune
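
The outbound-filtering point in comment 6, as an added example that is not part of the thread or of IPCop itself: a script that prints a default-deny ruleset for traffic forwarded from the "Green" interface, so that anything not explicitly allowed (outbound TFTP included) is logged and dropped. The interface names `eth0`/`eth1` and the allowed service list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate a default-deny egress policy for traffic forwarded
# from the internal ("Green") interface. Interface names and the allowed
# service list are assumptions for illustration, not IPCop defaults.
GREEN_IF="${GREEN_IF:-eth0}"   # assumed internal (Green) interface
RED_IF="${RED_IF:-eth1}"       # assumed external (Red) interface
# proto:port pairs internal hosts may reach (assumed policy: DNS, HTTP, HTTPS)
ALLOWED="${ALLOWED:-udp:53 tcp:53 tcp:80 tcp:443}"

# Print an iptables-restore ruleset on stdout. Nothing is loaded here, so the
# output can be reviewed before it is applied.
gen_egress_rules() {
    echo "*filter"
    # Anything forwarded that is not matched below is dropped.
    echo ":FORWARD DROP [0:0]"
    # Replies to connections that were allowed out.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for svc in $ALLOWED; do
        proto=${svc%%:*}
        port=${svc##*:}
        echo "-A FORWARD -i $GREEN_IF -o $RED_IF -p $proto --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log what is about to be dropped (for example outbound TFTP on udp/69),
    # rate limited so a noisy host cannot flood the log.
    echo "-A FORWARD -i $GREEN_IF -o $RED_IF -m limit --limit 6/minute -j LOG --log-prefix \"egress-denied: \""
    echo "COMMIT"
}

gen_egress_rules
```

The "egress-denied" log entries double as a detection signal: an internal host that suddenly generates them is worth a look.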