Slashdot Mirror


New Way to ID Invisible Intruders on Wireless LANs

Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries; instead, they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that when used together can detect both attackers and configuration mistakes in network devices."

122 comments

  1. Virtually impossible? by morgan_greywolf · · Score: 5, Interesting

    I don't know about that. I use WPA-PSK security on my WLAN, and I regularly monitor my network using ordinary means (logs, IDS, etc.) and I haven't seen any evidence of intruders, invisible or otherwise. I suppose this is one more thing I could add to my arsenal, but how many with security turned on really have trouble with this?

    1. Re:Virtually impossible? by Anonymous Coward · · Score: 0

      Virtually impossible? (Score:0, Offtopic)
      by morgan_greywolf (835522) on Friday November 30, @08:50AM (#21531627)
      (http://stylus-toolbox.sf.net/ | Last Journal: Tuesday May 15 2007, @11:50AM)
      I don't know about that. I use WPA-PSK security on my WLAN, and I regularly monitor my network using ordinary means (logs, IDS, etc.) and I haven't seen any evidence of intruders, invisible or otherwise. I suppose this is one more thing I could add to my arsenal, but how many with security turned on really have trouble with this?
      Um, how is this offtopic?
      War driving moderator on crack? =P
    2. Re:Virtually impossible? by cbiltcliffe · · Score: 4, Insightful

      and I regularly monitor my network using ordinary means (logs, IDS, etc.) and I haven't seen any evidence of intruders, invisible or otherwise. I suppose this is one more thing I could add to my arsenal, but how many with security turned on really have trouble with this?
      If the intruders were invisible, how would you see them in logs and IDS? They're invisible. Passive monitoring won't show up in any logs. I know, because I do it sometimes as part of my security service to my customers. You can break into a WEP-encrypted moderate-traffic wireless network without sending a single packet. Once you're in, you can capture all traffic on that network and save it, again, without sending a single packet.
      WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own.

      Using the Storm botnet as an example:

      There were estimates that put the botnet as large as 50,000,000 computers. Having done WPA-PSK key cracking on a P4 1.6 laptop, it can run around 30 passphrases/second. My desktop is significantly faster, although I haven't actually tried PSK cracking on it. I'd assume probably 45 / second or more. It's not a state of the art machine, by any means. Probably about average.

      So if we assume an 8 character random passphrase, (which is all a lot of people will use, so it's easier to remember) that you can type on your keyboard, (again, who's going to use Alt-Numpad combinations?) there are 96 possible keystroke characters that can make up each byte. 96^8 = 7213895789838336 possible password combinations.
      Assuming 45 passphrases / second for each machine, it will take, using this botnet, just over 37 days to break that password. That's assuming the most complex password possible for 8 characters. Realistically, you can take out any special character that's not in 13375p3@k, and for most all you'd need is numbers and letters. That'll cut your time significantly.
      Yes, that's only an 8 character password, which will take 96 times as long to break with only 1 extra character, but how many people, who don't use their full allotment of 63-characters of randomness, are going to use something like "password", "dave sucks", "fleabert" (name of their cat), or even "fleabert scratches too much" as their passphrase?
      Now you've got standard words, which can easily be pulled from a dictionary and put together in different combinations until the passphrase is cracked. Trivial, with enough computing power. And unfortunately, the only people who have access to that kind of computing power are (I shudder to use the word) cybercriminals.
      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    3. Re:Virtually impossible? by morgan_greywolf · · Score: 3, Insightful

      Of course, any security can be cracked... I personally use a shared key that is significantly longer than that. Adding 1 extra character over 8 makes it 96^9, but adding, say, 3 extra characters makes it 6382393305518410039296 possible password combinations, which would take that same botnet like 90,000 years to crack.

      Oh, yeah, and bear in mind: those 50,000,000 would all have to be in range of the access point and would have to not overwhelm the access point. Even the best Cisco Aironet equipment isn't going to handle that kind of load.

    4. Re:Virtually impossible? by VenTatsu · · Score: 1

      You only need one computer in range of the WAP to capture the encrypted traffic. Then a bot net could be used to attempt to decrypt the traffic. While doing this is significantly harder than trying to associate directly, it is also totally passive, and can be run in parallel.

    5. Re:Virtually impossible? by Anonymous Coward · · Score: 2, Informative

      yea, but if you set up your wireless network with a specific set of MACs and only allow those macs to log in, keep all of your machines on so someone can't hijack the mac, and disable logins to your router from anything but one of those macs, they won't even be able to connect even after they crack your password unless they can flood your router or otherwise break it. Very few people can do this.

      If you augment this with weekly password changes and the strongest possible password, they aren't getting in unless they control a lot of systems. Yea they could still break your wireless network eventually, but there are other wireless networks that are far easier to get into so they'd move on.

      Beyond that you secure the hosts on your network as well.

      Security isn't about making your network unbreakable, which is impossible. It's about making your network not worth someone's time to break into. You do this with layered security and being polite.

      Network crackers go for the low hanging fruit every time, unless it's a targeted attack, which most home users don't ever need to worry about unless they piss off the wrong person. They'll get your neighbor that didn't change the default password and doesn't password his hosts. There's a buffet out there of easy to break networks, so chances are, if you take reasonable precautions, and don't go around flaming people, you are fine.

      Personally I don't run a wireless network. I pulled Cat5-e to every room in the house while I was rehabbing and don't need it. I did this before WEP matured because I didn't trust wireless at the time, wired networks Just Work(tm) and are much faster. Of course it's easy to do this when your walls are open 8)

      -AC

    6. Re:Virtually impossible? by lubricated · · Score: 1

      >>yea, but if you set up your wireless network with a specific set of MACs and only allow those macs to log in, keep all of your machines on so someone can't hijack the mac, and disable logins to your router from anything but one of those macs, they won't even be able to connect even after they crack your password unless they can flood your router or otherwise break it. Very few people can do this.

      Or you could just change your MAC. This is very easy.
      ifconfig eth1 hw ether newmacaddress

      This also isn't only about breaking in; you can also listen passively without ever stepping foot onto the network.

      --
      It has been statistically shown that helmets increase the risk of head injury.
    7. Re:Virtually impossible? by morgan_greywolf · · Score: 1

      Using that method, you have to know something about the encrypted traffic in order to determine if you've found the plaintext or not. In any regard, you'll have to apply some analysis to figure that out and that means you'll need more processing power than what was mentioned.

    8. Re:Virtually impossible? by Alpha830RulZ · · Score: 2, Interesting

      Thanks for laying that out. I don't know what makes this so hard for people to get/do. Come up with 3 to 5 words of something that means something to you, separate with some punctuation, and make sure it's around even only 20 characters, and it should take a million machine botnet something like 10^21 years to crack, assuming the 45 tries a second metric. E.g., "IHave7FavoriteFl()wer&" should be good for something like the remaining life of the universe. (3.6*10^27 years, by my calculations)

      Even so called security professionals seem to have trouble with this. One of my favorite gripes is the security team at my new employer, who insist on forcing us to use 8 to 10 character passwords, no more, no less. They demand a numeral and a special character, which actually reduces the search space substantially. I am prone to setting up passwords for people like "Eagles~In*Trees" which is easy to remember, and tough to crack, but they won't let me any more, forcing us to issue things like "sFg#8Jk@", which the user promptly writes on a sticky note and pastes to the monitor so they won't forget it.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
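Worked example of the keyspace and time-to-crack arithmetic in posts 2, 3 and 8 above (added here; not code from any of the posters). It uses the thread's own figures (96 typeable characters, 45 guesses per second per machine, a 50,000,000-machine botnet) and, as a labelled assumption, a 20,000-word dictionary, so that random-character passphrases and dictionary-word passphrases can be compared on the same yardstick.

```python
"""Passphrase-strength estimator for the brute-force arithmetic in this thread.

Added example, not code from the original posts. It reproduces the keyspace
and time-to-crack figures worked out by hand in the thread (96 keyboard
characters, 45 guesses/second per machine, 50,000,000 machines) and extends
them to the dictionary-word passphrases discussed later, so a defender can
compare candidate passphrase policies with one yardstick. Rates and
dictionary sizes are the thread's figures or labelled assumptions.
"""
from dataclasses import dataclass
from math import log2
from typing import Optional

# Figures quoted in the thread (posts 2 and 3): 96 typeable symbols,
# ~45 WPA-PSK guesses/second per commodity machine, a 50M-node botnet.
KEYBOARD_CHARSET = 96
GUESSES_PER_SECOND_PER_MACHINE = 45
BOTNET_SIZE = 50_000_000

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


@dataclass(frozen=True)
class CrackEstimate:
    keyspace: int              # number of candidate passphrases to try
    entropy_bits: float        # log2(keyspace)
    worst_case_seconds: float  # exhaustive search at the aggregate rate

    @property
    def worst_case_days(self) -> float:
        return self.worst_case_seconds / SECONDS_PER_DAY

    @property
    def worst_case_years(self) -> float:
        return self.worst_case_seconds / SECONDS_PER_YEAR


def aggregate_rate(machines: int = BOTNET_SIZE,
                   per_machine: float = GUESSES_PER_SECOND_PER_MACHINE) -> float:
    """Guesses per second for `machines` hosts each trying `per_machine`/s."""
    return machines * per_machine


def estimate(keyspace: int, rate: float) -> CrackEstimate:
    """Exhaustive-search time for `keyspace` candidates at `rate` guesses/s.

    The thread quotes worst-case (whole keyspace) figures, so that is what is
    returned; on average the key is found after half the space.
    """
    return CrackEstimate(keyspace, log2(keyspace), keyspace / rate)


def random_chars(length: int, charset: int = KEYBOARD_CHARSET,
                 rate: Optional[float] = None) -> CrackEstimate:
    """Uniformly random passphrase of `length` symbols from `charset` symbols."""
    return estimate(charset ** length, aggregate_rate() if rate is None else rate)


def dictionary_words(words: int, dictionary_size: int,
                     rate: Optional[float] = None) -> CrackEstimate:
    """`words` words drawn independently from a `dictionary_size`-word list.

    Models the 'standard words pulled from a dictionary and put together in
    different combinations' attack: only word tuples need enumerating, so the
    keyspace is dictionary_size ** words however long the result is.
    """
    return estimate(dictionary_size ** words, aggregate_rate() if rate is None else rate)


def equivalent_random_length(est: CrackEstimate, charset: int = KEYBOARD_CHARSET) -> float:
    """How many uniformly random `charset` symbols carry the same entropy."""
    return est.entropy_bits / log2(charset)


if __name__ == "__main__":
    # Post 2: 8 random keyboard characters against the 50M-node botnet.
    eight = random_chars(8)
    print(f"8 random chars: keyspace={eight.keyspace}, {eight.worst_case_days:.1f} days")
    # Post 3: 11 random characters.
    eleven = random_chars(11)
    print(f"11 random chars: keyspace={eleven.keyspace}, {eleven.worst_case_years:,.0f} years")
    # Constructed comparison (assumption, not from the thread): four common
    # words from a 20,000-word list, as an attacker with a wordlist models it.
    four = dictionary_words(4, 20_000)
    print(f"4 dictionary words: worth ~{equivalent_random_length(four):.1f} random chars,"
          f" {four.worst_case_days:.0f} days")
```

With the thread's rate, four words from a 20,000-word list carry about the entropy of 8.7 random characters, which is why post 8's advice to mix words with punctuation and digits matters more than the raw character count.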
    9. Re:Virtually impossible? by kickdown · · Score: 2, Informative

      "WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own."

      You are assuming that WPA needs a human-configured passphrase here. Your calculations are all nice, but they refer to WPA-PSK (pre-shared key). If you use WPA with IEEE 802.1x (sometimes called WPA-"Enterprise"), a PMK (Pairwise Master Key) is generated by an AAA server *anew for every session*. I.e. as soon as someone logs off and on again, your calculations got to start from scratch. I'm assuming people don't stay connected 37 days continuously on a WiFi connection, so your botnet attack is rendered useless. To be on the safe side, you can set your APs to negotiate new keys at your personal paranoia level time interval even when connections persist.

      Even with WPA-PSK, your reasoning is only correct if you really want the PMK of WPA-PSK. Your botnet could be faster if you just want the current session key: it is 128 bits in length (both with TKIP encryption and AES), so you only need to try 2^128 numbers to get in. The amount of randomness for the PMK is irrelevant if you just want to get into a session quick-and-dirty. Another reason for WPA users to rekey every so often.

      WPA-Enterprise is used worldwide in educational institutions in a free (as in spirit and in beer) manner right now, including worldwide roaming: check http://www.eduroam.org./. Even in Queensland numerous universities are participating and thus have something at their disposal that is way less susceptible than static session keys. http://www.aarnet.edu.au./Content.aspx?p=133/ suggests that University of Queensland is in, so I guess they are just doing the research to show people how unsecure WLAN networking is if you *don't* use IEEE 802.1x :-) Yes, that was a shameless sales pitch. This is slashdot, I'm *supposed* to promote my pet projects here, right?

      --
      Continuous positive slashdot karma since... uh, maybe next year.
    10. Re:Virtually impossible? by Anonymous Coward · · Score: 0

      They don't have to be in range of the access point. You capture the traffic and process it later. All you need is to send the encrypted packet capture out to the botnet and let them try to decrypt it.

    11. Re:Virtually impossible? by Hawkeye05 · · Score: 1

      I wish I had mod points right now cause that post is damn worth it.

      --
      Http://Stineomite.org (Yeah Thats Right I'm An Organization)
    12. Re:Virtually impossible? by cbiltcliffe · · Score: 2, Informative

      You need to look into cracking WPA-PSK. You don't need to know anything about the traffic. All you need are 4 packets, one of which is a hash of the passphrase. You hash your passphrase list until you find one that matches the hash captured from the AP, and then you've got your passphrase. No extra traffic necessary.

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    13. Re:Virtually impossible? by kryliss · · Score: 1

      Strangely enough, from the days when I had to reinstall Win98 on several machines all the time, I have that 25 character key memorized.. that's what I use for my WPA encryption. Haven't seen anyone crack that one yet.

      --
      --- If the bible proves the existence of God, then Superman comics prove the existence of Superman.
    14. Re:Virtually impossible? by Anonymous Coward · · Score: 0

      One of my favorite gripes is the security team at my new employer, who insist on forcing us to use 8 to 10 character passwords, no more, no less.

      Talk about a reduced search space. I wish my company's security team were that smart. We use exactly 8 characters; no more, no less. There are other composition rules, which reduce the search space even more; but just in case AC isn't really AC.... :-)

      When this was changed, we were making the network "more secure", since some people were only using the (then standard) 6 characters. Of course, we could use more than 6. Why someone in Security can't do math is beyond me.

    15. Re:Virtually impossible? by orcrist · · Score: 1

      I don't know what makes this so hard for people to get/do.

      I agree.

      Come up with 3 to 5 words of something that means something to you, separate with some punctuation, and make sure it's around even only 20 characters...

      Exactly. Anyone who reads a decent amount should not have any trouble finding a nice long quote from a book they liked which they can remember, which is what I always recommend. If they don't read enough for that to be the case.... fuck'em they don't deserve to be secure ;-)

      I am prone to setting up passwords for people like "Eagles~In*Trees" which is easy to remember, and tough to crack, but they won't let me any more, forcing us to issue things like "sFg#8Jk@", which the user promptly writes on a sticky note and pastes to the monitor so they won't forget it.

      My tip for these cases is the same deal with the passphrase... then take e.g. the second letter of every word (except for one-letter words), l33t-speak the ones you can, replace sentence punctuation with a chosen character, and/or choose a few to be capitalized and you're golden... example:
      "I don't like green eggs and ham, Sam I am" becomes:
      iOirgna#Aim -- and, no this isn't one I've ever used :-P
      This password is very easy to remember, or at least it can be reconstructed fairly easily until the actual sequence of keystrokes has been memorized.
      If that's too hard they can go with the first letter of every word:
      iDlG3Ah#SiA
      which should still be immune to any dictionary-based attack.

      -chris
      --
      San Francisco values: compassion, tolerance, respect, intelligence
    16. Re:Virtually impossible? by Anonymous Coward · · Score: 0

      But we're talking about cracking the password, not the encryption. Cracking the encryption is something else, and it's not addressed in the greatgrandparent post. There's a difference between cracking WPA-PSK and the password that protects the association.

    17. Re:Virtually impossible? by kayditty · · Score: 0

      Ha ha ha. You're an idiot. First of all, you're assuming an offline attack, with an insanely, unbelievably large "botnet," which doesn't even exist (even this so-called, way over-blown "storm botnet"). Then you're assuming that software can be written to take advantage of all of these machines in parallel. Please. That would be a nightmare; it's not going to happen. You're assuming all of these machines can be coordinated and that all of them are going to be online at once, and that all of them have any amount of reasonable process power -- they don't, especially not being devoid of spyware and all kinds of other garbage.

      You have no idea what you're talking about. Ok, so you know the basics of simple wireless encryption and have used airsnort and kismet and aircrack-ng and whatever the hell else it is you wanna-be hackers kids use. Whatever. The kind of effort needed to do what you're proposing is MONSTROUS, and despite the fact that there may be one or two extremely large "botnets" out there, this isn't common, and you're not just going to go out and make your OWN "botnet" that big just for the purpose of cracking passwords. Then, you're not going to be able to harness the resources of all of those machines, unless you're the world's best programmer and have about the same luck as someone winning the lottery twice in a week while getting hit by lightning when the numbers are announced.

      If you really want to mount a good offline attack, you're better served paying a few million down on a good sized supercomputer, and contracting a real programmer to write real parallelized cracking software. But if you're capable of doing that, then no shit you could crack some retard's 8 character passphrase anyway.

    18. Re:Virtually impossible? by cbiltcliffe · · Score: 1

      You have no idea what you're talking about. Ok, so you know the basics of simple wireless encryption and have used airsnort and kismet and aircrack-ng and whatever the hell else it is you wanna-be hackers kids use. Whatever. The kind of effort needed to do what you're proposing is MONSTROUS,
      You, kayditty, are an asshole. Just like all the other stupid fucks in this industry, you assume that since you don't know how to do it, it cannot be done. Your kind are the most arrogant, conceited pricks on the planet, and I sincerely wish you would all suffer massive brain damage and go away. Although maybe the first part has already happened.

      Before you go calling me a wanna-be hacker who's "used airsnort and kismet," you might want to know that I've already written password cracking software to run on a massively parallel cluster, theoretically scalable to any size. (No, I haven't released the program, and I'm not going to, so don't ask.) It's not that hard. You can do it in Perl, for shit's sake. And you don't have to coordinate all the machines. For a job like this, it's better if they're semi-autonomous. "Here's a pile of data. Process it, and get back to me when you're finished," kind of thing.
      It's not like it's a simple program, but it's certainly within the realm of possibility, both theoretically and practically. All you've got to do is get the master node to efficiently pass out segments of the job to individual nodes. But, it doesn't have to do this directly. It can break it up into 100 smaller chunks, then pass those off to 100 of the faster (and more reliably connected) computers, which will in turn break them up into smaller pieces again, passing them on to thousands of computers each. The processed data will be returned to the immediate parent, which can completely ignore its own parent unless a positive result is found, or all data received has been processed.

      To scale up, replace 100 and thousands with bigger numbers.

      I'm in the process of writing a wrapper around aircrack to do this exact thing on a local cluster that will work on anything from a handful of machines up to thousands, or more.
      There's no reason the same thing couldn't be done on a million+ computer botnet.

      Let this be a lesson to you. Don't make assumptions about things you know nothing about. You're liable to get shot down with guns bigger than anything you can comprehend.
      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
    19. Re:Virtually impossible? by kayditty · · Score: 0

      I know plenty about the subject -- heaps more than you, I'm sure. Wow, you've written some software in Perl (I'm sure that's very efficient). Congratz, dude!111. The point was hardly that software can't be written to take advantage of an array of machines. It was that your numbers of what comprises a feasible botnet are very, very skewed and childishly wrong.

      That's something I think I'd certainly know more about than you. I didn't say I "don't know how to do it," and I didn't say it can't be done -- whatever it is we were talking about. I said you're enormously overestimating the ability of any kind of attacker -- even a very sophisticated one. That's something I think I'd know more about than you.

      And I'm certainly not downplaying the potential for an offline attack, if that's what we're talking about. I'm not sure of the complexity of various kinds of passphrases used in all the different encryption schemes, but if it has the cost of any modern hashing algorithm, give or take, an eight character "passphrase" is incredibly weak. I know that. I can crack an 8-char a-zA-Z0-9 raw, unsalted MD5 hash on my computer, using hardware from the year 2003, in just 2/3 of a year.

      My objection to your comment is entirely in the position of authority you seem to be taking, when it's clear you really aren't any sort of authority. I might have been content to leave well enough alone had you not made ridiculous remarks about the feasibility of harvesting a 50 million computer botnet (which probably doesn't exist, and which certainly isn't going to happen for any random attacker), which I would still deny completely.

      Combatting your unsourced anecdotes with some of my own, I'm not exactly the worst programmer in the world, myself. I don't have a thorough educational background, so my mathematical ability is a little lacking, but I've been using computers for a long, long time, and the concepts are second nature to me. My strengths are more in the realm of security and networking, which are relevant enough. I've written security software, including cryptography applications and implementations. I'm pretty confident I could write something, rather easily, to parallelize such a task if I wanted to, all the same. But just because there's some ridiculously hypothetical 'perfect-world' where there are 50 million "bots" ripe for the taking by some script kid with a hard-on for some particular dude he's had his eye on, and, god damn it, he's managed to write the most efficient software in the world for managing 5.0 * 10^7 bots OVER THE FUCKING INTERNET to do it all... well. I can dream about writing Perl implementations of cryptography software, too.

    20. Re:Virtually impossible? by cbiltcliffe · · Score: 1

      I know plenty about the subject -- heaps more than you, I'm sure.

      Yet again, piles upon piles of arrogance. I could be Bruce Schneier for all you know. I'm not, but my point is you're making a shitload of assumptions of my ability based on....what? Nothing. Other than my statements not agreeing with your preconceived opinions.

      Wow, you've written some software in Perl (I'm sure that's very efficient). Congratz, dude!111.

      Not only arrogance, but childishness, also. Never once did I say that I had ever written software in Perl. I stated that cluster computing was easy enough to handle that it could be done in Perl. Big difference. You might want to get your head out of your ass before you keep reading, as you seem to have some serious mental confusion going on.

      The point was hardly that software can't be written to take advantage of an array of machines. It was that your numbers of what comprises a feasible botnet are very, very skewed and childishly wrong.

      Ok, so I didn't include sources. Sue me. I figured it was pretty commonly known, since it's been mentioned on /. numerous times. But, since you seem to have completely missed that month, here you go. Every one of these puts the size of the botnet at a maximum of 50 million computers, which is exactly what I used for a figure. Based on my own experience with security issues, I've come to realize that the worst possible security scenario is usually the most accurate one, so that's what I went with. And if it turns out it was 20% overestimated? Well, big deal. 20% isn't a crapload of leeway when you're talking about security issues.

      My objection to your comment is entirely in the position of authority you seem to be taking, when it's clear you really aren't any sort of authority.

      And how is it clear I'm not any sort of authority? Because you disagree with what I said? Maybe you'd prefer it if I'd added "but kayditty is an expert on all things everything, so you'd better ask for some confirmation over that way, somewhere." So you resort to a virtually ad hominem attack on me, hoping that.....what, exactly?

      I might have been content to leave well enough alone had you not made ridiculous remarks about the feasibility of harvesting a 50 million computer botnet (which probably doesn't exist, and which certainly isn't going to happen for any random attacker), which I would still deny completely.

      I'm not talking about it happening for any random attacker. I'm talking about the truly evil bastards who are trying to break into places like TJX and steal 90 some odd million credit card records. Your punk ass script kiddie neighbour is irrelevant. Deny it all you want, though. It's the truly hidden risks that you really have to be wary of, because they're usually the worst. Do you work for DHS, by any chance? Your attitude sounds remarkably similar to theirs.

      But just because there's some ridiculously hypothetical 'perfect-world' where there are 50 million "bots" ripe for the taking by some script kid with a hard-on for some particular dude he's had his eye on, and, god damn it, he's managed to write the most efficient software in the world for managing 5.0 * 10^7 bots OVER THE FUCKING INTERNET to do it all...

      Well, the "perfect world" probably exists, or at least, did for a while in September-October. And again...I'm not talking about the script kiddie who hates his neighbour for telling his parents he was smoking up in their back yard. I'm talking about the credit card thieves, and the other serious security risks. If your biggest security problem is script ki

      --
      "City hall" in German is "Rathaus" Kinda explains a few things......
  2. Re:LAN security by Anonymous Coward · · Score: 0, Informative

    Troll (internet is serious business).

  3. Signal roundtrip times is the tipoff by BadAnalogyGuy · · Score: 1, Flamebait

    This is a good heuristic, but may be misleading in the case of faulty client hardware or over-active powersaving routines.

    But look, if you want a secure wifi, perhaps you're misunderstanding the need for wifi. Pervasive internet connections without wires is what we want. If you want to broadcast wifi, you ought to be required to provide this service to all listeners (how many times have I been to a customer site which had wifi that was locked down and inaccessible?). If you want to implement some sort of auth system to create private networks atop the wifi, hey, that's cool too. But leave the router open, wouldya?

    1. Re:Signal roundtrip times is the tipoff by Silver+Sloth · · Score: 2, Insightful

      But leave the router open, wouldya?

      No, I won't.

      I don't want anyone not authorised by me on my network. I see no reason why I 'ought to be required to provide this service to all listeners'. Sorry, my network, my rules.
      --
      init 11 - for when you need that edge.
    2. Re:Signal roundtrip times is the tipoff by icebrain · · Score: 1

      If you want to broadcast wifi, you ought to be required to provide this service to all listeners

      If I'm paying for the router, the connection, and all that... why should I have to allow someone to mooch it for free?
      --
      The meek may inherit the earth, but the strong shall take the stars.
    3. Re:Signal roundtrip times is the tipoff by pipatron · · Score: 1

      He didn't say your network. Just let people browse the big evil world wide web.

      --
      c++; /* this makes c bigger but returns the old value */
    4. Re:Signal roundtrip times is the tipoff by pipatron · · Score: 1

      Because it doesn't cost you anything extra, and if you do that, the moochers will let you browse for free when you're somewhere and need to check something.

      --
      c++; /* this makes c bigger but returns the old value */
    5. Re:Signal roundtrip times is the tipoff by Albio · · Score: 1

      But what if they do something illegal?
      Or what if they don't play nice and cause congestion which you don't want to deal with?

    6. Re:Signal roundtrip times is the tipoff by kalirion · · Score: 1

      Why the Hell would I want random strangers to reduce my bandwidth? If they want to browse the big evil world wide web, let them pay for their own high speed connection.

    7. Re:Signal roundtrip times is the tipoff by X0563511 · · Score: 2, Insightful

      What I love is that (the summary at least) article states you can use this to see if someone is monitoring your network.

      Excuse me? How in the hells would you tell if someone was passively reading incoming radio waves? Isn't that the point of active vs passive radar systems, for instance? You can't!

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
    8. Re:Signal roundtrip times is the tipoff by Anonymous Coward · · Score: 0

      if I'm paying for the router, the connection, and all that... why should I have to allow someone to mooch it for free?

      "If I'm spending MY time writing an operating system, why should I allow someone else to use it for free?" Decency? Sharing? I don't know. Do you use any Open Source software, you mooch?
    9. Re:Signal roundtrip times is the tipoff by kalirion · · Score: 1

      Doesn't cost you anything extra except bandwidth you mean. And money if they decide to bittorrent a few songs. And jail time if they decide to visit a few child porn sites.

    10. Re:Signal roundtrip times is the tipoff by hedwards · · Score: 1

      No, it isn't free. It might not cost any money directly, but I'd personally factor in the cost of the possibility of dealing with the police or FBI at some point into the cost.

      Anybody posting here should know better than to leave a WAP open, the amount of trouble that can be caused by somebody abusing the set up is more than sufficient to justify keeping a sound security policy. Even then it may get broken, but that's where plausible deniability comes into it.

    11. Re:Signal roundtrip times is the tipoff by cheater512 · · Score: 1

      Your network which is being beamed to my house.
      If you want it secure, stop broadcasting it. Simple. :)

    12. Re:Signal roundtrip times is the tipoff by jasen666 · · Score: 2, Insightful

      Because if they download kiddie pr0n, it's *MY* IP address that gets logged, and my house the FBI raids looking for said kiddie pr0n.
      Not worth the risk to be a good Samaritan to the neighbors who can't afford their own internet.

    13. Re:Signal roundtrip times is the tipoff by xappax · · Score: 1

      Even then it may get broken, but that's where plausible deniability comes into it.

      You always have plausible deniability, even if you don't have an access point at all. It's completely possible and quite frequent that people's computers are 0wned by viruses and trojans, and used to route anonymous traffic, send spam, and mount scans and attacks on other machines. If securing your systems was required to give plausible deniability, millions upon millions of computer users could be subject to criminal prosecution right now.

      i'd personally factor in the cost of the possibility of dealing with the police or FBI at some point

      Nothing can protect you from having to deal with the police or the FBI. The RIAA habitually uses bogus, unreliable IP records to prosecute people who had nothing to do with the accused crime. The police are known to make similar mistakes, and the FBI has a long honorable history of seizing computer hardware on "hunches" or anonymous unsubstantiated tips they received.

      Keeping your network open doesn't put you in any more legal danger. But more importantly, locking down your network doesn't make you any safer from arbitrary harassment by the authorities.

    14. Re:Signal roundtrip times is the tipoff by Anonymous Coward · · Score: 1

      My bandwidth, my rules.

    15. Re:Signal roundtrip times is the tipoff by plague3106 · · Score: 1

      Even then it may get broken, but that's where plausible deniability comes into it.

      No, it doesn't. At that point you need to offer some evidence that someone actually did compromise your computer / network.

    16. Re:Signal roundtrip times is the tipoff by Mister+Whirly · · Score: 1

      Sure, I'll unsecure my wireless network for you to use. As long as you leave your front door unlocked so I can come over to your house anytime I want, make a sandwich, watch some TV, play some video games, etc.
      Entertainment is what we want. If you want to do entertaining things, you ought to be required to provide this service to all.

      --
      "But this one goes to 11!"
    17. Re:Signal roundtrip times is the tipoff by Mister+Whirly · · Score: 1

      "You always have plausible deniability"

      Yeah, that worked splendidly in the Jammie Thomas case.

      "Nothing can protect you from having to deal with the police or the FBI."

      Well, not completely, but I would say not allowing people to commit crimes on your network would do something to dissuade that a little bit. And this headline couldn't more clearly refute your claim - "Child porn case shows that an open WiFi network is no defense". From TFA -
      The merits of leaving your wireless access point (WAP) open have been discussed and debated at length, especially when it comes to law enforcement. There is a growing belief that file sharers can protect themselves against lawsuits by keeping their wireless access points open. The problem is, it won't necessarily.
      A Texas man who was convicted of possessing child pornography tried to use his open WiFi network as a defense, saying that someone else could have used the same network to traffic in pornographic images. The US Court of Appeals for the Fifth Circuit didn't buy his argument and upheld the conviction.

      So while I do admire your spirit, you are obviously NAL and should stop dispensing questionable legal advice. I mean who should I believe - you or the US Supreme Court when it comes to legal questions about WiFi?

      --
      "But this one goes to 11!"
    18. Re:Signal roundtrip times is the tipoff by Mister+Whirly · · Score: 1

      software != hardware - Please cite some examples of your "open source hardware" that people are giving away for free.

      --
      "But this one goes to 11!"
    19. Re:Signal roundtrip times is the tipoff by xappax · · Score: 1

      And this headline couldn't more clearly refute your claim - "Child porn case shows that an open WiFi network is no defense"

      But the crime in that case wasn't committed over an open wireless network. The argument was that a search warrant shouldn't have been granted because of the open access point, it didn't have anything to do with plausible deniability. The guy was caught with CDs of child porn in his room, which is pretty open and shut, he was just trying to get off on a technicality about the search warrant. The precedent this case established was that an open access point wasn't enough to eliminate the probable cause needed for a search warrant, it didn't make any judgment about plausible deniability.

      you are obviously NAL and should stop dispensing questionable legal advice

      Fair enough, but as far as I know there is no legal precedent which says that you bear legal responsibility for all traffic that happens to travel through your publicly available network. And furthermore, like I said, if there was such a precedent, it would open up everyone with a malware-infected computer to prosecution for computer crimes. "Common carrier" status is a long established precedent which would appear to apply to individuals with open access points, and though it's true I'm not a lawyer, I'm not aware of any high-level judgments which say otherwise. Let me know if there are any.

    20. Re:Signal roundtrip times is the tipoff by thePowerOfGrayskull · · Score: 1

      You always have plausible deniability, even if you don't have an access point at all. It's completely possible and quite frequent that people's computers are 0wned by viruses and trojans, and used to route anonymous traffic, send spam, and mount scans and attacks on other machines. If securing your systems was required to give plausible deniability, millions upon millions of computer users could be subject to criminal prosecution right now.
      In case you hadn't noticed, they confiscate first and ask questions later. What happens when they confiscate and find that no, there is no malware present? That rather rules out that defense, now doesn't it.

      Nothing can protect you from having to deal with the police or the FBI. The RIAA habitually uses bogus, unreliable IP records to prosecute people who had nothing to do with the accused crime. The police are known to make similar mistakes, and the FBI has a long honorable history of seizing computer hardware on "hunches" or anonymous unsubstantiated tips they received. Keeping your network open doesn't put you in any more legal danger. But more importantly, locking down your network doesn't make you any safer from arbitrary harassment by the authorities.

      Where to begin on this. Let me see if I get it right: sometimes mistakes are made, so if someone is /really/ doing something illegal on your open network, you don't have any increased chance of getting blamed for it. How's that again?

    21. Re:Signal roundtrip times is the tipoff by Anonymous Coward · · Score: 0

      hardware != services. I can think of plenty of services people give away for free.

    22. Re:Signal roundtrip times is the tipoff by Mister+Whirly · · Score: 1

      The crime that caused the FBI to have probable cause WAS committed over an open wireless network - downloading child porn. They could have never searched his apartment without that evidence. In this case the person had deniable plausibility, in fact all signs pointed to his roommate being the guilty party. But that didn't stop him from being charged because it was his connection that was used. I don't know about you, but I would rather not give law enforcement probable cause to search my house, even if I had plausible deniability up the wazoo. And IANAL either, but I thought "common carrier" status was only granted to companies that were ISPs, not individuals.

      --
      "But this one goes to 11!"
    23. Re:Signal roundtrip times is the tipoff by josephdrivein · · Score: 1

      What if leaving an open access to the Internet is illegal?
      There are countries in which this is true.

    24. Re:Signal roundtrip times is the tipoff by Anonymous Coward · · Score: 0

      When your apartment building is saturated by dozens of access points, none of which work, you'll understand. It may be your internet connection, but you're using public airspace, which is not private. Sharing benefits everyone sometimes.

    25. Re:Signal roundtrip times is the tipoff by Peter+Mork · · Score: 1

      Or, I am broadcasting my SSID (caetarn) because I don't care if you access my WAP from your house. Yes, there are still some long-haired pinko-fags (to coin a phrase) willing to share their resources.

    26. Re:Signal roundtrip times is the tipoff by xappax · · Score: 1

      I'm pretty sure, though not totally confident, that "common carrier" isn't an official bureaucratic status, like something you have to apply for or be a certain type of business for. It's simply a legal category to describe a technology which indiscriminately relays information that anyone puts on it.

      For example, if you operated a hobby radio repeater and someone broadcast a bomb threat to town hall through your radio repeater, you wouldn't be liable because you're a common carrier - your technology relays anyone's information. Of course, this still doesn't get you off the hook if you use your own repeater to send in a bomb threat yourself, just protects you from being punished for traffic that didn't originate from you.

      I'd be glad to hear from someone who knows more about it though.

    27. Re:Signal roundtrip times is the tipoff by mrhartwig · · Score: 1

      Nothing can protect you from having to deal with the police or the FBI.
      Reducing the probability of dealing with authorities by not opening your network does not make the resulting still non-zero -- but smaller -- probability useless.

      Whether the effort required to do so is worth your time is a cost-benefit analysis left as an exercise to the reader. If you choose to decide it's not worth your time, great. But don't expect everyone else to agree with you.

      And no, my network isn't open. I have plenty of neighbors that take care of that "responsibility" to society. :-)

    28. Re:Signal roundtrip times is the tipoff by mrhartwig · · Score: 1

      Entertainment is what we want. If you want to do entertaining things, you ought to be required to provide this service to all.

      By that logic, if you buy into Maslow's hierarchy, you have an even greater responsibility to be providing food, shelter, and sex to people too. After all, we want those more than entertainment.

      Let me know your address; I'll do my part by personally bringing some homeless people to you so you can help out. I'll need to know which gender you prefer, too; I wouldn't want to stretch your responsibilities too far.

    29. Re:Signal roundtrip times is the tipoff by mrhartwig · · Score: 1

      Ack, sorry -- I think I just tried to slam someone saying the same thing I am. I should have said "To anyone who believes this, let me know your address and I'll do my part....." Trying to be non-directed and all.

      otoh, if I re-read your post incorrectly, and you do believe I should be unsecuring my wireless net, feel free to take the slam personally. :-)

    30. Re:Signal roundtrip times is the tipoff by Mister+Whirly · · Score: 1

      No, you re-read it right. My information doesn't want to be free, and neither does my beer, television, or food. I think if you own a wireless device, you are free to share or not share as you see fit.

      --
      "But this one goes to 11!"
  4. Not enough information by Anonymous Coward · · Score: 0

    Sorry, but the article is so low on information, it's practically useless...

  5. Doesn't seem too practical by faloi · · Score: 5, Insightful

    The description is, basically, they use the signal strength and round trip times of the signals to figure out if someone unauthorized is on your network. The downside is that, in large corporate wireless networks, I would think people tend to be pretty mobile and there won't be a reliable indicator that the odd signal from slightly too far away isn't just somebody who remembered one last thing on the way to their car. Smaller wireless networks aren't likely to care enough to spend the time it takes to tell.

    It's an interesting idea, but I have a hard time seeing it become widespread.

    --
    "It is a miracle that curiosity survives formal education." -Albert Einstein
    1. Re:Doesn't seem too practical by BadAnalogyGuy · · Score: 1

      It's an interesting idea, but I have a hard time seeing it become widespread.

      Given that the primary researcher now works for a hardware maker (last line in the article), I wouldn't be surprised to see this as a feature on some routers in the near future.

    2. Re:Doesn't seem too practical by Trigun · · Score: 1

      You think that it's bad now, wait until everyone rolls out wifi enabled cell phones. In a large corporation, hackers could hide an elephant in that background noise.

    3. Re:Doesn't seem too practical by cyriustek · · Score: 2, Insightful

      Whilst you have somewhat of a point, the odd occasion where one may forget something and try to access the LAN at his car is an outlier to the data set. If the system notices someone from that location connecting to the network, it can either force a new authentication event requiring a local cert, or simply shut down the AP the external person is connecting to. (Preferably shutting it down.)

      As an aside, the company can also have a policy explicitly forbidding access from the parking lot. If what they had to do is so important, they can either go into the building, or wait until they are home and use their VPN connection.

    4. Re:Doesn't seem too practical by faloi · · Score: 1

      That's actually a good point. I come at it from the point of view of the large companies I've worked for. To get on the corporate network via a wireless connection, you still have to authenticate to a VPN server. We have a separate wireless network that visitors from other companies can use, but it's got no connection to the corporate network. I'm sure it's not that way for every large company.

      --
      "It is a miracle that curiosity survives formal education." -Albert Einstein
    5. Re:Doesn't seem too practical by Cyno · · Score: 1

      If their networks are so sensitive and secure why transmit ANYTHING over the air? This is just another way to use the illusion of security to adopt a police state. In the article they mention sending out armed guards to check on the intrusions, etc. See, they're already thinking in the right direction.

  6. Damn by FredDC · · Score: 4, Funny

    What? No, but this means that I[NO CARRIER]

    --
    09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63
    1. Re:Damn by jam244 · · Score: 1

      What? No, but this means that I[NO CARRIER]
      I see the network admin was nice enough to hit Submit for you.
  7. don't bother by Anonymous Coward · · Score: 0

    Restricting your WLAN from "intruders" has a number of side effects, some good, and some bad. If your systems are safe and you have lots of bandwidth leave the WLAN wide open as it will create some defence for plausible deniability in the event some RIAA scum bag comes knocking on your door claiming you stole music. Just make sure you don't leave any other evidence behind. Wikipedia in this case doesn't do this justice; you may have to find other ones. Look at True Crypt hidden volumes for other hints. http://en.wikipedia.org/wiki/Plausible_deniability

  8. "detect eavesdropping" by Anonymous Coward · · Score: 3, Insightful

    Yeah, right, detect eavesdropping. Any other snake oil you want to sell?

    1. Re:"detect eavesdropping" by ice_nine6 · · Score: 1

      Seems to be a poor summarization - the article makes no mention of detecting eavesdropping (which would be impossible).

    2. Re:"detect eavesdropping" by Anonymous Coward · · Score: 0

      yeah, I have these WMDs (Wifi Mobile Devices?) that I'm selling. got em from Iraq or Iran or one of them I countries.

    3. Re:"detect eavesdropping" by Actually,+I+do+RTFA · · Score: 1

      Yeah, right, detect eavesdropping. Any other snake oil you want to sell?

      I have a pain-relief gel which has a side-effect of super-(strength/speed/control of sea animals).

      --
      Your ad here. Ask me how!
    4. Re:"detect eavesdropping" by Anonymous Coward · · Score: 0

      Err, isn't that what quantum "cryptography" is all about?

    5. Re:"detect eavesdropping" by Anonymous Coward · · Score: 0

      Is that 802.11q?

    6. Re:"detect eavesdropping" by Anonymous Coward · · Score: 0

      You can detect radio receivers (wireless) quite easily with methods not described in the article; hence, the popularity with crystal sets (no oscillator) during WWII. On a similar note, the number of people listening to a radio program can be estimated (triangulated) by how much energy is being drawn from the radio transmitter.

  9. Triangulation by JustKidding · · Score: 4, Interesting

    So, basically, they are just triangulating every node on the network, and detecting when a node is outside a given range (outside the building?), or seems to suddenly jump to another location (session hijacking)? Would this still work if the attacker is using a directional, high-gain antenna to prevent effective triangulation? Also, varying the signal strength and round trip time could throw this off, but even if the exact location of the attacker cannot be determined because of it, the alarm could still be raised.

    1. Re:Triangulation by Ungrounded+Lightning · · Score: 2, Interesting

      So, basically, they are just triangulating every node on the network, and detecting when a node is outside a given range (outside the building?), or seems to suddenly jump to another location (session hijacking)? Would this still work if the attacker is using a directional, high-gain antenna to prevent effective triangulation?

      Sounds like they're not "triangulating" - computing the DIRECTION to a station from two monitoring locations in order to identify the station's location as the third point of a triangle. Instead they're measuring the round-trip time for a probe/response, which measures the distance (plus internal delays in the remote station) without identifying direction.

      Adding delay can make a station appear to be farther than it is, but not nearer. So short of finding a way to send signals backward in time (or responding enough faster than the standard firmware to fool the monitor) you can't spoof being closer than you are.

      Which does nothing for a pure eavesdropper. But if the "eavesdropper"'s firmware associates with the eavesdropped network enough that it turns on its transmitter and responds to low-level protocol probes, it CAN be detected even if the user sends no traffic.

      They're also using signal strength measurement - perhaps to work around unknown firmware response time. That might make them subject to spoofing by using a directional antenna and/or increasing transmit power to make the signal appear stronger, and thus closer, than it actually is.

      (Another approach would be using multiple receivers at known (or self-measured relative) locations to do a LORAN-style triangulation on particular transmissions from the remote station, measuring the arrival-time differences at three or more stations to locate the remote station at the intersection of two or more hyperbolas. But that involves synchronizing time-bases between the monitoring stations in a way that would be beyond normal firmware's capabilities. It would also become less accurate as the distance to the remote station increases.)

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
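The round-trip-time reasoning in the post above, as an added example that is not the commenter's code nor anything from the QUT work: the smallest RTT a station has ever produced is treated as the trustworthy bound (delay can be added, proximity cannot be faked), and a station that stops being able to show that proximity is flagged as moved or hijacked. The speed-of-light constant is real; the 10 µs turnaround (802.11b/g SIFS), the perimeter, the MAC address and every RTT sample are constructed assumptions for the demo.

```python
"""Round-trip-time perimeter and jump checks for wireless stations.

Added illustration of the reasoning in the comment above; it is not code
from the commenter or from the QUT work. The physics it relies on: a
probe/response round trip yields an *apparent* distance; a station can add
delay (look farther away) but cannot answer before the probe reaches it
(look nearer), so the smallest RTT a station has ever shown is the one to
trust. All RTT samples below are constructed.
"""
from collections import deque

C_M_PER_NS = 0.299792458  # speed of light, metres per nanosecond
SIFS_NS = 10_000.0        # assumed minimum responder turnaround (802.11b/g SIFS)


def apparent_distance_m(rtt_ns: float, turnaround_ns: float = SIFS_NS) -> float:
    """Distance implied by a round trip once the turnaround time is removed.

    Subtracting only the *minimum* turnaround keeps the result >= the true
    distance, i.e. it is a safe upper bound on how far away the station is.
    """
    flight_ns = max(rtt_ns - turnaround_ns, 0.0)
    return flight_ns * C_M_PER_NS / 2.0


class RttPerimeterMonitor:
    """Per-station apparent-distance tracking with two alert conditions."""

    def __init__(self, perimeter_m: float, window: int = 3,
                 jump_m: float = 30.0, turnaround_ns: float = SIFS_NS):
        self.perimeter_m = perimeter_m
        self.window = window          # probes per station used for the jump test
        self.jump_m = jump_m          # extra apparent distance that counts as a jump
        self.turnaround_ns = turnaround_ns
        self.best_rtt = {}            # mac -> smallest RTT ever observed
        self.recent = {}              # mac -> last `window` RTTs

    def observe(self, mac: str, rtt_ns: float) -> list:
        """Record one probe round trip and return any alerts as strings."""
        alerts = []
        recent = self.recent.setdefault(mac, deque(maxlen=self.window))
        recent.append(rtt_ns)
        self.best_rtt[mac] = min(rtt_ns, self.best_rtt.get(mac, float("inf")))

        best_d = apparent_distance_m(self.best_rtt[mac], self.turnaround_ns)
        recent_d = apparent_distance_m(min(recent), self.turnaround_ns)

        # A far-off station cannot fake a short round trip, so a station that
        # looks outside the perimeter really is outside it or is answering
        # slowly; either way it deserves a look.
        if recent_d > self.perimeter_m:
            alerts.append(f"{mac}: appears {recent_d:.0f} m away, beyond the "
                          f"{self.perimeter_m:.0f} m perimeter")

        # The station once proved it was within best_d metres. If it has not
        # managed that for `window` consecutive probes, the device answering
        # now is either much farther away or a different device using the
        # same address (session hijack). Detection lags by `window` probes.
        if len(recent) == self.window and recent_d - best_d > self.jump_m:
            alerts.append(f"{mac}: was within {best_d:.0f} m, now appears "
                          f"{recent_d:.0f} m away for {self.window} probes "
                          f"(moved or hijacked)")
        return alerts


def demo() -> list:
    """Constructed scenario: a laptop 10 m from the AP, then a hijacker at 150 m."""
    mon = RttPerimeterMonitor(perimeter_m=50.0)
    # ~10 m: about 67 ns of flight time on top of the 10 us turnaround
    laptop = [10_070.0, 10_085.0, 10_068.0]
    # ~150 m: about 1000 ns of flight time; no firmware tuning can shave
    # that below the speed-of-light minimum
    hijacker = [11_010.0, 11_030.0, 11_005.0]
    alerts = []
    for rtt in laptop + hijacker:
        alerts.extend(mon.observe("aa:bb:cc:dd:ee:01", rtt))
    return alerts


if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

Signal-strength readings are deliberately left out: as the post notes, a directional antenna or more transmit power can make a station look nearer than it is, so RSSI cannot give the one-sided guarantee that RTT does.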
  10. Makes sense. by ufoolme · · Score: 2, Interesting

    Aussie's are really into all this wireless stuff!

    I'm fairly new to all this but at a very basic level it seems to make sense.
    It's just a more complex method of looking at the flashing lights on the modem to see if it's in sync with your known wireless connections. -- Okay, a lot more complex than that.

    I wonder if this can be applied to other wireless systems, e.g., radio systems. If so it would be very useful

  11. Eavesdropping? by Anonymous Coward · · Score: 0

    And just how does this detect eavesdropping?

  12. eavesdropping by backwardMechanic · · Score: 5, Interesting

    You can detect many things, but not eavesdropping. Your little wifi card broadcasts all kinds of data, in all directions. I can listen in and say nothing. How are you going to detect that? Warping of the ether?

    1. Re:eavesdropping by atdt1991 · · Score: 2, Interesting

      Quantum Entanglement! We've got on-board chips for that ... right?

    2. Re:eavesdropping by mossmann · · Score: 1

      TFA doesn't claim a method for detecting eavesdropping. Bad summary.

    3. Re:eavesdropping by backwardMechanic · · Score: 1

      Fair enough. Like a good ./'er I haven't read it, of course ;-)

    4. Re:eavesdropping by Ungrounded+Lightning · · Score: 4, Insightful

      You can detect many things, but not eavesdropping. Your little wifi card broadcasts all kinds of data, in all directions. I can listen in and say nothing. How are you going to detect that?

      Your firmware might react to being associated with a network enough to eavesdrop it by also responding to low-level configuration traffic. If that happens, even if you don't send any data the firmware may respond to probes, letting the network know you're listening.

      If you're truly eavesdropping you're undetectable. But do you know what the vendor put in the binary blob?

      --
      Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    5. Re:eavesdropping by The_Laughing_God · · Score: 1

      Your firmware might react to being associated with a network enough to eavesdrop it by also responding to low-level configuration traffic. If that happens, even if you don't send any data the firmware may respond to probes, letting the network know you're listening.

      It is fairly cheap and easy to set up a listen-only client using hardware whose transmitter is easily disabled. A few minutes with a razor blade or soldering iron, and I don't need what the proprietary firmware *tries* to do. If I want an actual connection, I'll plug in a different card.

      When it comes to sniffing, wireless can be more like a hub-based network than it pretends to be.

    6. Re:eavesdropping by Anonymous Coward · · Score: 0

      I don't know about warping of the ether, but you could always use an EtherNet!

      :Shudders

  13. Nothing to see here, move along by Anonymous Coward · · Score: 2, Funny

    "Depending on how sensitive the network is, armed security guards could be deployed [...]"

    And they would shoot the guy with the laptop in the lobby? Whoops, wrong guy. It was the other guy in the lobby. Nope, it was the woman in the parking lot. Wait, no, it was an anomaly.

    Sounds more like a weak attempt at a research project.

    1. Re:Nothing to see here, move along by Firethorn · · Score: 1

      I work around some areas that would have this much sensitivity, it'd be more like 'there's somebody/something over there that's not authorized', they'd go check everyone, find the device and arrest.

      Shooting would only come into effect if they resisted.

      Of course, at those security levels they don't use wireless.

      --
      I don't read AC A human right
    2. Re:Nothing to see here, move along by marcello_dl · · Score: 1

      Armed guard should first look for the guy who thinks a sensitive network can adopt wireless connections.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  14. The German Police by thegermanpolice · · Score: 1

    The German Police will be pleased.

  15. Australia's University of Technology ? by mybecq · · Score: 3, Informative

    Australia's University of Technology in Queensland
    Otherwise known in reality as the Queensland University of Technology in Australia.
    Zonk or Bergkamp10, please do us all a favour and don't change the name of institutions.
    1. Re:Australia's University of Technology ? by bh_doc · · Score: 1

      Like saying America's Institute of Technology in Massachusetts. Not even close to correct.

  16. Where's the paper? by Raleel · · Score: 1

    I don't see it or this news on the QUT IIS website.

    --
    -- Who is the bigger fool? The fool or the fool who follows him? --
  17. How is this ground breaking? by computerchimp · · Score: 5, Insightful

    1) hopping from one router to another is detected via traditional means
    2) higher than average roundtrip times are noticed via traditional means
    3) signal is triangulated via traditional means to put a location on a suspected signal.

    A new but an obvious procedure that someone has decided to put to paper and product. It is a nice product to notice but this is about as ground breaking as peanut butter and chocolate.

    CC

    1. Re:How is this ground breaking? by Anonymous Coward · · Score: 0

      Peanut butter and Chocolate? WOW! What a great idea!!

    2. Re:How is this ground breaking? by Anonymous Coward · · Score: 0

      Peanut Butter and Vegemite?

  18. invisible intruders... by Anonymous Coward · · Score: 0

    We have invisible intruders now!?!
    I'm more interested to know how these intruders managed to render themselves invisible.
    Have they actually caught one yet?

  19. Re:LAN security by Anonymous Coward · · Score: 0

    Come on, people. Inspect links before applying mod points. Link in parent redirects to internetisseriousbusiness.com. Sibling comment got modded as a TROLL for pointing that out! Eneville, it's terrific that you can read xkcd, really, but some of us read work-related Slashdot articles _at_work_.

  20. Use 1x by MT628496 · · Score: 1

    Use 802.1x authentication on your wireless network, or use a gateway that will log users in through a browser and you eliminate a lot of problems.

    1. Re:Use 1x by TechyImmigrant · · Score: 1

      802.1X (It's a capital X) is not an authentication protocol. It's an architecture (1X) and a protocol (EAPoL) to carry a protocol (EAP) that carries authentication protocols (EAP methods).

      What you said is akin to recommending a purchaser of a computer use the box it came in.

      --
      Evil people are out to get you.
  21. Re:LAN security by Anonymous Coward · · Score: 0

    Congrats eneville, you Rickroll'd me!

  22. Doesn't appear to track eavesdropping by davidwr · · Score: 1

    This technique doesn't appear to handle eavesdropping attacks, where the attacker records radio traffic for real-time or post-analysis.

    By capturing signals, unencrypted and WEP-encrypted traffic can be snooped for sensitive data.

    This same technique also works against other weakly-encrypted or unencrypted protocols, provided you can get close enough to snoop. I'm thinking infrared keyboards and possibly bluetooth not to mention old-fashioned CRT-sniffing using a specially-equipped police van like you've seen in the movies. Of course all of these have very limited range.

    In practical terms, if you only allow very strongly authenticated connections you should be immune from both snooping and hijacking. Of course, you'll still have to worry about a denial-of-service attack when your adversary floods the airwaves at the most inconvenient time.

    All that said, this technique is one more item in the network administrator's bag of tricks.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:Doesn't appear to track eavesdropping by Anonymous Coward · · Score: 0

      Yeah, I was looking for the same thing when reading the article. They implied they could catch passive snoopers then they gave an explanation of how that would only catch active nodes. If a node is active, there are all sort of tests beyond what's listed here that can be done to check if it's a rogue.

      The only way I've seen to catch passive snooping is to send fake packets out with an unused IP address. You only send these on wireless (never publicly). Then if anyone does a reverse lookup (say running ethereal later), you know you've been snooped. I'm not sure it's worth the effort. I guess it depends on your level of paranoia.
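The canary trick from the post above, as an added example that is not the commenter's code: frames addressed to an otherwise unused IP go out over the WLAN only, and the resolver's query log is then searched for PTR lookups of that address. The canary addresses (TEST-NET-3), the query-log layout and the sample lines are all constructed for this demo; the reverse-name decoding for in-addr.arpa and ip6.arpa is the general case rather than only the IPv4 one the post mentions.

```python
"""Canary-address reverse-lookup detector.

Added example for the trick described in the comment above; it is not the
commenter's code. Frames are sent over the WLAN only, addressed to an IP
that nothing legitimate ever uses; if a PTR query for that address later
shows up in the resolver's query log, someone captured those frames and
looked the address up. The query-log layout below is constructed for this
demo and is not any particular resolver's format.
"""
import ipaddress
import re

# Constructed canaries from the TEST-NET-3 documentation range
# (assumption: no real host on this LAN ever talks to them).
CANARIES = {ipaddress.ip_address("203.0.113.77"),
            ipaddress.ip_address("203.0.113.78")}

# Constructed log layout: "<timestamp> client <ip>#<port>: query: <name> IN <type>"
QUERY_RE = re.compile(
    r"client (?P<src>[0-9a-fA-F.:]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\S+)")


def ptr_name_to_ip(name: str):
    """Map an in-addr.arpa or ip6.arpa name back to an address, or None."""
    labels = name.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return ipaddress.ip_address(".".join(reversed(labels[:4])))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            nibbles = "".join(reversed(labels[:32]))
            return ipaddress.ip_address(
                ":".join(nibbles[i:i + 4] for i in range(0, 32, 4)))
    except ValueError:
        pass  # malformed reverse name; nothing we can classify
    return None


def find_canary_lookups(lines, canaries=CANARIES):
    """Return (querier, canary) pairs for every PTR query naming a canary."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m.group("qtype").upper() != "PTR":
            continue
        ip = ptr_name_to_ip(m.group("name"))
        if ip is not None and ip in canaries:
            hits.append((m.group("src"), str(ip)))
    return hits


# Constructed sample query log: ordinary traffic plus one canary lookup.
SAMPLE_LOG = [
    "30-Nov-2007 09:12:01 client 192.168.1.10#51234: query: www.example.com IN A",
    "30-Nov-2007 09:12:05 client 192.168.1.10#51240: query: "
    "1.1.168.192.in-addr.arpa IN PTR",
    "30-Nov-2007 09:14:47 client 192.168.1.23#50011: query: "
    "77.113.0.203.in-addr.arpa IN PTR",
    "30-Nov-2007 09:15:02 client 192.168.1.23#50012: query: "
    "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa IN PTR",
]

if __name__ == "__main__":
    for src, canary in find_canary_lookups(SAMPLE_LOG):
        print(f"canary {canary} looked up by {src}")
```

The querier recorded is whoever asked the resolver, which points at the host that analysed the capture, not at the radio that captured it, so treat a hit as the start of an investigation rather than its conclusion.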

  23. Wireless 101 by Tastecicles · · Score: 1

    1. Secure the connection using WEP/WPA/whatever.
    2. SPECIFY the MAC addresses of the specific client hardware in the routing table; a whitelist will REJECT any other connection attempt (MOST routers will do this!)
    3. TURN OFF SSID Broadcast once you have the specified units set up; this will render the wireless network invisible to casual scanners.

    I have never had a support call for hacked wireless on ANY system that I've set up using the three points listed.

    --
    Operation Guillotine is in effect.
    1. Re:Wireless 101 by jasen666 · · Score: 1

      Right, that keeps out amateurs and lazy hackers. Somebody that really, really wants in can still find a way eventually (except for WPA2... that hasn't been cracked yet has it?)

      On mine, I've also taken the steps of disabling DHCP, and setting my network subnet mask to 248 as the last octet. This leaves only 6 IP's available, exactly the number of devices on my network. A hacker would not only have to clone a MAC address, but take one of my in-use IP addresses. Not an impossible task, but a pain in the ass and probably not worth the effort.

    2. Re:Wireless 101 by Anonymous Coward · · Score: 0

      Did you copy that from George Ou's "Six dumbest ways to secure a wireless LAN"?

      1. I can crack WEP faster than you can turn the feature on.
      2. I can change my MAC address faster than you can turn the feature on.
      3. Not broadcasting the SSID makes you less friendly, not more secure.

          Jeff

    3. Re:Wireless 101 by robbeh · · Score: 2, Informative

      WEP is useless and can be cracked in less than 10 minutes using any laptop made in the last 10 years. Keep on using that WPA though.
      MAC filtering is useless because anyone with Kismet can see the active MAC addresses on the network.
      SSID hiding is useless because anyone with Kismet can see the active SSIDs around them.

      Someone mentioned it earlier, but have a look at this:
      http://blogs.zdnet.com/Ou/index.php?p=43

  24. If they're invisible... by billcopc · · Score: 1

    How in the hell can anyone see invisible things? If a passive eavesdropper is quietly capturing all packets without sending anything, you can't monitor them. It's not like there's an electrical connection to the host that you can monitor for power dips.

    A more effective solution, which has been employed by every ignorant security "expert" in the world is to claim that all wireless networks are insecure. Yes, Duh! Next question.

    To a certain extent, all networks are vulnerable whether they're carried in the aether or forced down optic cabling. That's why we have passwords, encryption and a whole buffet of software-based security paradigms. Assuming someone is friendly just because they share physical environment with you is a very flawed concept. Any half-breed can plug into your switch or wander within your antenna's range.

    --
    -Billco, Fnarg.com
  25. False Positives and Reliability by neorush · · Score: 1

    It seems this would work great for a small office scenario with a few users, but I imagine with a larger network and things like iPhones, transmitting, connecting, and disconnecting from various distances and signal strengths, "odd" round trip times would seem very difficult to reliably detect. The threshold would either result in a large number of false positives, or miss the real threats altogether. It would certainly be possible to throw out something like an iPhone, but then as an attacker I could just make my signal appear like an iPhone. "Depending on how sensitive the network is, armed security guards could be deployed, or the wireless network may be turned off." I'd be a pretty pissed security guard if I had to try and check out every one of these alarms.

    --
    neorush
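
neorush's worry above is about thresholding: a round-trip-time detector tuned to a stationary desktop will fire on a phone that wanders around the building, and an attacker who shapes timing to look like that phone will not trip it. The page does not give the QUT method, so what follows is an added illustration in Python of that general tradeoff, not the paper's algorithm and not code from the poster. It compares one global RTT threshold against a per-client baseline built from the median and median absolute deviation; the client names and RTT values are constructed, not measurements.

```python
# Added example: why a round-trip-time intrusion detector trades false
# positives against misses. Sample data is constructed, not measured.

import statistics

# Per-client round-trip samples in milliseconds (constructed).
# "desktop" sits still; "phone" walks around the office.
SAMPLES = {
    "desktop": [1.10, 1.12, 1.09, 1.11, 1.13, 1.10, 1.12, 1.11],
    "phone":   [1.40, 1.95, 2.60, 1.70, 3.10, 2.20, 1.55, 2.80],
}

# Frames from an attacker impersonating the phone, with timing deliberately
# shaped to sit inside the phone's normal band (constructed).
SPOOFED_AS_PHONE = [2.10, 1.90, 2.40, 2.05]


def fixed_threshold_alerts(samples, threshold_ms):
    """Naive detector: alert on any RTT above one global threshold."""
    return {client: [r for r in rtts if r > threshold_ms]
            for client, rtts in samples.items()}


def baseline(rtts):
    """Per-client profile: median and median absolute deviation (robust to
    the occasional spike a moving client produces)."""
    median = statistics.median(rtts)
    mad = statistics.median(abs(r - median) for r in rtts)
    return median, mad


def baseline_alerts(rtts, median, mad, k=3.0):
    """Alert when a sample leaves the client's own band: |rtt - median| > k * MAD.
    The floor on MAD keeps a very steady client from alerting on tiny jitter."""
    band = k * max(mad, 0.05)
    return [r for r in rtts if abs(r - median) > band]


def evaluate(threshold_ms=2.0):
    """Run both detectors and report what each would page a guard about."""
    fixed = fixed_threshold_alerts(SAMPLES, threshold_ms)
    per_client = {}
    for client, rtts in SAMPLES.items():
        med, mad = baseline(rtts)
        per_client[client] = baseline_alerts(rtts, med, mad)
    # The per-client detector is quiet on the real phone, but an attacker who
    # matches the phone's timing profile is equally quiet.
    phone_med, phone_mad = baseline(SAMPLES["phone"])
    spoof_alerts = baseline_alerts(SPOOFED_AS_PHONE, phone_med, phone_mad)
    return {"fixed": fixed, "per_client": per_client, "spoof_alerts": spoof_alerts}


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(name, value)
```

With a 2.0 ms global threshold the desktop is clean but half of the phone's legitimate samples alert; the per-client baseline removes those false positives and then misses the shaped spoof entirely. Timing on its own is one weak signal, which is why the products mentioned later in the thread pair it with other fingerprints.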
  26. Freeloader by MM_LONEWOLF · · Score: 1

    Damn, no more free web-browsing. But wouldn't it be easier to rig the hardware to only send a signal to a certain distance?

    --
    To live without killing is a thought which could electrify the world, if men were capable of staying awake long enough.
  27. FUD: tracking can be done w/accuracy by postbigbang · · Score: 1

    Newbury Networks, among others, have used triangulation coupled with latency to 'watch' 'intruders' on networks.

    Businesses that don't put locks on their doors-- oops I mean a strong access key-- invite break-ins. It IS POSSIBLE to secure specific access points to the point where it's no longer useful to try and crack them; WPA2 with a random strong temporal, randomly-changed key (say 24hrs at most) will suffice. Instead, notebooks or stationary devices are more astute targets for the ne'er-do-wells.

    --
    ---- Teach Peace. It's Cheaper Than War.
  28. I have been doing this for awhile by bitsiphon · · Score: 1

    We deployed Aruba wireless access points that give you location based access 2 years ago. An electronic fence as it were. It does not solve the problem of eavesdropping and I think encryption is the only solution to limit that type of "hack". The paper is interesting but obvious in its arguments.

  29. All you kids... by NickCatal · · Score: 1

    Get off my WAN!

    --
    -nick
  30. This is new? Products that do some/all now... by myvirtualid · · Score: 2, Interesting

    Not to flame or troll or slashvertise, but how is this new? I was at a conference recently where the coolest security product on display was from http://www.airtightnetworks.net/: Their WIPS can be configured with an organization's known wireless clients (MAC address, make, HW and SW versions, etc.), and then detect systems that shouldn't be there.

    According to the reseller's CTO - I had the good fortune to stop by the booth before he and the COO departed and the booth was left with only salesdroids - the system has an extensive database of fingerprints - hardware, software, etc., think of timings and the like specific to particular combinations of OS, firmware, and chipset.

    This raises the bar for a snooper: They not only have to clone your MAC addresses, etc., they have to clone the MAC, etc., on a box running the same OS, firmware, chipset, as the legit box. And they have to get the WPA keys right.

    (They also have a neato WPA key management app to raise that bar, too.)

    Apologies if this seems slashvertisical, seems to me the best way to debunk someone's claim of newnessess and neverbeendonebeforedness is to point to a real selling product that does all of the non-vapourware things the someone claims to have invented.

    --
    I'm here EdgeKeep Inc.
  31. Stating the bleeding obvious.... by sifi · · Score: 1

    He said the valuable commodity at greatest risk on local area networks was information.

    What, not like gold bullion or something?

  32. URL to paper by Anonymous Coward · · Score: 1, Interesting

    This URL seems to be the paper that presents the approach.

  33. Reading TFA. by Eevee · · Score: 2, Informative

    Well, the first thing you need to do is actually start reading the article you're using for support. From the fine article you quoted:

    The FBI says it found CDs with child porn in Perez's room, the only one it searched.

    Up to the time you can show how a wifi connection will make a physical CD magically show up in a room, then any argument about plausible deniability based off this case is full of it. You can't claim someone else was using your wireless connection to download child porn when you have a big stack of CDs with child pornography on them. Nobody is stupid enough to believe that. The only way this could have been a test case would be if they hadn't found any evidence beside the network traffic.

    What this shows is that illegal traffic coming to/from your address constitutes probable cause, which is a different kettle of fish.

    1. Re:Reading TFA. by Mister+Whirly · · Score: 1

      Read even further. It was most likely his roommate who had the kiddie porn, but they still basically ruled it was his connection and his liability. With no probable cause, there is no search and seizure. Eliminate the first step and you don't need to worry about the rest. And sorry, but this IS a test case no matter what other evidence was found. Until it is overturned, the ruling stands as precedent in all other cases after it.

      --
      "But this one goes to 11!"
  34. Does not detect eavesdropping by jvkjvk · · Score: 1

    Now, I may not be a physicist, but I'll play one here on Slashdot.

    I really don't see how this can detect eavesdropping. Of course, my definition of eavesdropping is that it is a passive activity, listening if you will, but not talking.

    Since this technology appears to be predicated on receiving a signal from the "eavesdropper", the real world equivalent would be the eavesdropper butting into your conversation to ask you a question or to tell you something.

    Not that it isn't interesting or cool but perhaps the claim is just a bit wide. Imagine that...

  35. Detects Invisible Intruders My Ass... by PainBreak · · Score: 1

    If a wireless NIC is in passive, promiscuous mode, it doesn't have to send any data out. It doesn't associate itself with the access point, it doesn't ask permission from the network to be there, and it doesn't need to send any response to anything. It's just "listening" and collecting packets as they go to and fro, in the open air. In order to triangulate anything, particularly based on response-time, the intruding node would have to respond, which it doesn't. This is just another half-hearted attempt to squeeze blood out of the turnip that is wireless security. I've sat back and watched bogus installation after bogus implementation of WiFi security measures, everything from Radius utilizing PEAP to centralized management and all access points switched from autonomous to thin mode in an effort to secure a wireless network. Oh, but make sure we leave a WEP-only SSID, because we have legacy equipment that only supports an unencrypted network, or 64 bit WEP. I can't wait to see this implemented!

    1. Re:Detects Invisible Intruders My Ass... by Hawkeye05 · · Score: 1

      The very best way to secure a wireless network is to make yours look like less of a target than others around you. I personally have a 13-digit WPA2 passphrase including numbers and MAC filtering, overall pretty solid. But then my neighbors have completely unlocked wireless with their routers using the default settings; anyone who would choose me over them would have to be either really bored or wanting to specifically see what I'm doing. I'm not paranoid about this but I do check my router every 2 weeks or so just to make sure that only the right computers log in. If I see my laptop logged in all by itself at 2AM even though it was disassembled I know I have a problem; other than that I don't really care.

      --
      Http://Stineomite.org (Yeah Thats Right I'm An Organization)
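
myvirtualid's WIPS description (a database of the clients that should be on the network) and Hawkeye05's habit of checking the router for logins that should not be there come down to the same check: compare whatever associates against an inventory. As an added example, not from either poster and not any vendor's product, here is a Python audit over constructed DHCP lease lines written in dnsmasq's DHCPACK log format. The inventory (MAC, the hostname the device announces, the hours it is expected online) and the log lines are invented for the example; a real deployment would feed it the router's syslog.

```python
# Added example: audit DHCP leases against a known-device inventory.
# Log lines are constructed in dnsmasq's "DHCPACK(iface) ip mac hostname"
# format; they are not from a real router.

import re

LOG = """\
Nov 30 02:03:11 router dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.23 00:1e:c2:44:55:66 nicks-laptop
Nov 30 09:15:40 router dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.24 00:16:6f:01:02:03 kitchen-pc
Nov 30 20:41:02 router dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.25 00:0c:29:de:ad:01 android-9f3
Nov 30 22:10:55 router dnsmasq-dhcp[812]: DHCPACK(wlan0) 192.168.1.23 00:1e:c2:44:55:66 bt5
"""

# Hypothetical inventory of the devices that belong on this WLAN:
# MAC -> hostname it announces in DHCP and the [start, end) hours it is expected online.
INVENTORY = {
    "00:1e:c2:44:55:66": {"hostname": "nicks-laptop", "hours": (7, 23)},
    "00:16:6f:01:02:03": {"hostname": "kitchen-pc",   "hours": (6, 24)},
}

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<hh>\d{2}):\d{2}:\d{2}\s+\S+\s+dnsmasq-dhcp\[\d+\]: "
    r"DHCPACK\((?P<iface>\S+)\)\s+(?P<ip>\S+)\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<host>\S+)"
)


def parse_line(line):
    """Parse one DHCPACK line into a dict, or None for lines we do not handle."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = int(rec.pop("hh"))
    return rec


def audit(log_text, inventory):
    """Return (kind, mac, detail) findings for each lease that does not fit the inventory.

    Three checks, in order of how loud they should be:
      unknown_mac       - an address nobody registered took a lease
      hostname_mismatch - a registered MAC announced a different name (cloned MAC, or a rebuilt box)
      off_hours         - a registered device showed up when it should be off
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        known = inventory.get(rec["mac"])
        if known is None:
            findings.append(("unknown_mac", rec["mac"], f"{rec['host']} got {rec['ip']}"))
            continue
        if rec["host"] != known["hostname"]:
            findings.append(("hostname_mismatch", rec["mac"],
                             f"expected {known['hostname']}, saw {rec['host']}"))
        start, end = known["hours"]
        if not (start <= rec["hour"] < end):
            findings.append(("off_hours", rec["mac"],
                             f"lease at {rec['hour']:02d}:00, expected {start:02d}-{end:02d}"))
    return findings


if __name__ == "__main__":
    for kind, mac, detail in audit(LOG, INVENTORY):
        print(f"{kind:18} {mac}  {detail}")
```

The hostname check is the cheap cousin of the chipset/firmware fingerprints myvirtualid describes: a cloned MAC passes the filter, but the clone rarely remembers to announce the same name. The off-hours check is Hawkeye05's 2AM laptop. Neither sees a purely passive listener, for the reason the surrounding comments give.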
  36. Re:LAN security by eneville · · Score: 1

    So what? I didn't make you go to the link. You clicked the link yourself. That's not my problem. If you read slashdot at work and you start following links in comments THEN YOU'RE NOT AT WORK, and personally I don't think you should be doing that during work time as you're potentially a risk to your employer by visiting sites that are of questionable trust. I'd probably sack you. You're lucky that I didn't put something there that would compromise browsers and what I did alerted you to the fact that you're going to questionable sites. This experience had learning for you.

  37. Mod parent down! by Anonymous Coward · · Score: 0

    I can't believe such advice is spreading in Slashdot! People, please do something about it! Think of our children!