
Wireless Camouflage?

michael posted more than 11 years ago | from the difference-between-cover-and-concealment dept.

Security 174

Anonymous Coward writes "Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Fake AP is a proof of concept released under the GPL."


174 comments


FP? (-1, Troll)

Neurodyne (451414) | more than 11 years ago | (#4191746)

Can it be? My first post ever is a first post!? Woah!

Re:FP? (1)

ICA (237194) | more than 11 years ago | (#4191935)

Ummm, no.

Re:FP? (0)

Neurodyne (451414) | more than 11 years ago | (#4192078)

Whadda mean no?

This was my first post to Slashdot (I've been a lurker for years). And it was the first post (Ooo... wow =P)! So feh!

Anywho, I was just joking around in the first place. Just as I am now. =)

And how'd I get a Troll mod? What am I trolling for?

Ciao baby!

Security through Obscurity (2, Insightful)

FalconRed (91401) | more than 11 years ago | (#4191750)

Perhaps the author of this tool forgot to read this:

http://slashdot.org/features/980720/0819202.shtml

Re:Security through Obscurity (0)

Anonymous Coward | more than 11 years ago | (#4191800)

True, but if no network is 100% secure and doing this causes 9/10 crackers/script kiddies/netstumblers to give up, then it is an improvement in security.

Re:Security through Obscurity (2)

mindstrm (20013) | more than 11 years ago | (#4191822)

No.. it won't.
It's not about using up bandwidth.. it's simply the data packets that announce other APs as present.
A very small amount of traffic, actually.

Re:Security through Obscurity (3, Insightful)

Otter (3800) | more than 11 years ago | (#4191832)

"Security through obscurity doesn't work" is an aphorism, not a law of thermodynamics. It's foolish to rely on obscurity, but there's no reason why it can't add an extra layer of protection.

Same for Brooks' law, for all the people who love to invoke that one. It's not a formal proof that adding a developer will necessarily delay a project.

Re:Security through Obscurity (2)

schon (31600) | more than 11 years ago | (#4191938)

It's foolish to rely on obscurity, but there's no reason why it can't add an extra layer of protection.

If you can't rely on it, why are you wasting your time doing it in the first place?

Security through obscurity is never "protection" because you're not really doing anything - because people who believe it's useful do rely on it.

That being said, I disagree that this is obscurity - like a honeypot, nothing is being hidden; I see it more as a way to waste a potential hacker's time.. if they try a few that are bogus, they'll give up and go elsewhere.

Re:Security through Obscurity (2, Insightful)

King of the World (212739) | more than 11 years ago | (#4192076)

If you can't rely on it, why are you wasting your time doing it in the first place?
Because security isn't binary, good security is about lowering the odds of a break-in. Obscurity achieves this, and it can often be a very quick way of lowering the odds of intrusion.

Re:Security through Obscurity (2)

zapfie (560589) | more than 11 years ago | (#4191969)

Would you consider passwords to be security through obscurity? Security through obscurity isn't a bad thing- it just shouldn't be what your security relies on.

Camouflage? (-1)

Fecal Troll Matter (445929) | more than 11 years ago | (#4191751)

I can't see you, Osama, why aren't you on al-jazeera anymore?

OSAMA IS DEAD (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4191827)

Just like open source.

Re:OSAMA IS DEAD (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4191895)

Dude... you ain't getting laid... just face it!

Won't this kill available bandwidth? (2, Interesting)

Anonymous Coward | more than 11 years ago | (#4191752)

Won't this kill available bandwidth?

Re:Won't this kill available bandwidth? (1, Funny)

Anonymous Coward | more than 11 years ago | (#4191767)

This is 802.11b.
There is no bandwidth anyhow :P

Re:Won't this kill available bandwidth? (1)

HotNeedleOfInquiry (598897) | more than 11 years ago | (#4191868)

Are you stupid or just trying to be funny? I get 1.2mbps actual ftp transfer speed all day long over a 1600 foot 802.11b link.

Re:Won't this kill available bandwidth? (1)

ICA (237194) | more than 11 years ago | (#4191943)

I would pose the first sentence of your post back to you...

On a related note, you won't mind if I bring in 20 access points, or a few microwave ovens and place them in range of your network right?

Since you have invincible bandwidth and all.

first p to the izzost (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4191755)

first p to the izzost

FP (0)

Anonymous Coward | more than 11 years ago | (#4191758)

FP, but this is smart. Too bad companies probably won't have the know-how and intelligence to put this into effect.

Hed23

What's next? (4, Funny)

WIAKywbfatw (307557) | more than 11 years ago | (#4191759)

Fake breasts?

Cacophany! (1, Funny)

utdpenguin (413984) | more than 11 years ago | (#4191761)

I always admire a man who can use that word in a sentence.
Kudos!!


* bows to anonymous coward *

Re:Cacophany! (0)

Anonymous Coward | more than 11 years ago | (#4191955)

...except that the article poster spelled it correctly, and you didn't.

It has the "phone" root, meaning sound... cacophOny.

Re:Cacophany! (0)

utdpenguin (413984) | more than 11 years ago | (#4192097)

I never said I admired a man who can speel it correctly. Thats a piddling little acheivment. :)

So how do your wireless devices know what's real? (1)

hackwrench (573697) | more than 11 years ago | (#4191771)

So you set up one of these things... How do your devices know what's real?

Why... (2)

gatesh8r (182908) | more than 11 years ago | (#4191779)

You take the red pill!

Re:So how do your wireless devices know what's rea (2, Informative)

extra88 (1003) | more than 11 years ago | (#4191789)

They have the correct SSID entered in their settings.

DOS application? (2, Insightful)

eander315 (448340) | more than 11 years ago | (#4191773)

Couldn't this software also be used to confuse actual end-user's wireless cards that try to find the legitimate AP? Seems like most wireless cards/software would have a hard time finding the real AP if there are 53,000 fake ones to choose from.

Re:DOS application? (2)

cscx (541332) | more than 11 years ago | (#4191788)

Not if you know the correct SSID, which was given to you via a secure channel (e.g., paper).

Re:DOS application? (1, Informative)

Anonymous Coward | more than 11 years ago | (#4191795)

No, since you are manually setting your card to a specific network name you and your AP will be able to talk. If you are trying to passively sniff a network for available network names you will have a hard time since lots of phoney ones are received (or at least that seems to be the idea behind this).

Re:DOS application? (2)

funky womble (518255) | more than 11 years ago | (#4191829)

Well, only if they don't already know the SSID.

It'll probably stop Steve and Bill [infoworld.com] from stealing your service, though :-)

Imagine . . . (1, Funny)

Anonymous Coward | more than 11 years ago | (#4191774)

A beowulf cluster of these!


hehehehe. That joke never gets old.


well not to me anyway.

Peripheral damage (2)

RollingThunder (88952) | more than 11 years ago | (#4191781)

Correct me if I'm wrong, but a quick scan through the README doesn't seem to imply it'll do anything more than scream at the top of its digital lungs with ever-changing AP SSID's.

Isn't that going to completely slaughter your actual AP?

No. (1)

The Turd Report (527733) | more than 11 years ago | (#4191864)

Because you *should* know what your SSID is. Your correctly configured device will have no problem making a connection, but some 3viL Hax0r will have a hell of a time connecting.

Re:No. (2)

RollingThunder (88952) | more than 11 years ago | (#4191874)

Sure, but there's still going to be assloads of superfluous chatter on the channels in the area. That can't be impact-free.

Re:No. (1)

The Turd Report (527733) | more than 11 years ago | (#4191916)

Well, it certainly isn't impact-free. I'd call it impact-lite. It is just that the packets that announce APs are a small fraction of the outgoing packets.

Re:No. (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4191889)

I haven't been paying attention for a while. Is The Turd Report going legit?

Re:Peripheral damage (1)

dragorn (41008) | more than 11 years ago | (#4191949)

This is still trivial to see past - look at the number of data packets, and you have your real network. End of problem.

As for bandwidth usage - 802.11 is collision-based shared media just like unswitched wired ethernet. If you keep flooding the airwaves with junk packets you increase the chances of there being a collision and decrease the available bandwidth. Actually securing the network is a better course of action.

-m

DMCA (1)

greymond (539980) | more than 11 years ago | (#4191786)

How long before the DMCA starts saying that "counterfeit 802.11b hot spots" is like DoS attacks on the WiFi community? I'm sure they'll find something wrong with this - even though I think it would be great considering I use an 802.11b wireless connection that sometimes seems to drop its speed when a lot of people are nearby - hhmmm.....

Re:DMCA (0)

Anonymous Coward | more than 11 years ago | (#4191835)

DMCA starts saying ... they'll find something wrong

The DMCA is a law, not a "they".

Re:DMCA (1)

SN74S181 (581549) | more than 11 years ago | (#4191988)

He was using DMCA as shorthand, not meaning the specific law. DMCA means 'the bogeyman' here on Slashdot. Didn't you know?

So who's going (1)

RebelTycoon (584591) | more than 11 years ago | (#4191790)

to port it to Windows?

I'm not being a prick... But there are a lot of users out there who use WinDoze and this would be another tool in protecting us from those crazy script kiddies...

Oh to be young and under 18 again...

Re:So who's going (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4191885)

Anyone who uses WinBlows is BEYOND help.

Re:So who's going (3, Funny)

laserjet (170008) | more than 11 years ago | (#4191901)

Or you could just secure your system(s). There are better ways to protect yourself than this. This is just obscurity. It is like trying to avoid sexually transmitted diseases by dressing as a transvestite. Sure, it may work, but there are much better solutions.

Re:So who's going (4, Insightful)

analog_line (465182) | more than 11 years ago | (#4192062)

It's not security through obscurity, it's creating a forest around your tree. While I may be able to secure the machines on my network, use a VPN for all transactions over the wireless network, there's no real way to secure my access point. WEP is a joke, plain and simple. If someone gets on my wireless network unauthorized by me, I'm liable for whatever shit they might pull through my internet connection, so I don't see the supposed stupidity in making it a lot harder for someone to find the real access point. I have my doubts that this software is as effective at what it's trying to do as its author(s) claim, but even so, it narrows the potential abusers of my network down to the determined, patient, and lucky. No security is perfect. You just have to run faster than the slowest guy to avoid getting eaten by the lion, you know?

And a better analogy would be trying to avoid venereal disease by dumping condoms all over the place so it's a veritable certainty that you'll be within reach of one wherever you happen to find yourself doing the nasty.

A better

Re:So who's going (1)

elphkotm (574063) | more than 11 years ago | (#4192117)

or... having sex with thousands of people and saying that makes each instance of sex have a lower likeliness to cause an STD.

Re:So who's going (0)

Anonymous Coward | more than 11 years ago | (#4192106)

On the other hand, such a tool as described here fits very nicely into the average windows user/box. Since this is the exact philosophy that William Gates is dictating.

DO NOT RUN: HIDDEN TROJAN (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4191791)

Thanks to the braintrust that provide the janitorial services I almost installed a trojan. Good God, do any broom-pushers actually look at a submission before posting it? "gawrsh Lunix dunt get virii it roolz!!!" Frontapage slashdot, now that was a creative piece of social engineering for delivery. So close to the anniversary as well. And to think I considered subscribing. ~ Really, Windows Sucks?

Doesn't this just slow down the wardriving a bit? (4, Insightful)

westfirst (222247) | more than 11 years ago | (#4191798)

So I get a list of hundreds of access points. My trusty computer can be programmed to check them all one by one. Only the legit one will respond. I realize this is a bit slower, but I think the number of fake APs needs to be huge to hurt the war drivers.

In fact, I think that the problem with this solution is the amount of effort expended in defense is equal to the amount of effort for the war driver. You've got to have a PC pumping out fake APs constantly. Both radio modems are putting out the same bandwidth. This isn't a good equation for most of us.

Good encryption, on the other hand, takes only a few cycles to do but a gazillion cycles to undo. That's a great ratio of defense to offense.

Plus, don't the fake APs still end up jamming the channel? If you're faking an AP, someone else can't use the channel on that microsecond. Given that wardrivers come only occasionally, but the jamming goes on constantly, I think that the legitimate users will pay a big price in network access for something that would only slow war drivers down a bit.

But I may be wrong.

Re:Doesn't this just slow down the wardriving a bi (1)

The Turd Report (527733) | more than 11 years ago | (#4191873)

The packets that announce an AP consume a tiny fraction of your available bandwidth. There should not be a noticeable drop in bandwidth.

Yes. Re:Doesn't this just slow down the wardriving (4, Insightful)

WolfWithoutAClause (162946) | more than 11 years ago | (#4191939)

The packets that announce an AP consume a tiny fraction of your available bandwidth. There should not be a noticeable drop in bandwidth.

That's probably its Achilles heel. If you measure which AP point has the most traffic, you've blown past any illusion of security this gives you.

Re: wouldn't improperly encrypted pkts be better (2)

hburch (98908) | more than 11 years ago | (#4191930)

This sounds more interesting to me. I have not closely looked at the exploitation of WEP to see if introducing a low level (~1%) of improperly encrypted packets would cause problems or not. My guess is that it would, although you would have to be careful that the false encryptions were subtly wrong. What I do not know is how much harder it would make it. Perhaps more important, I do not know how possible it is to do with commercial cards.

Of course, the much better solution would be if encryption was used properly by wireless networks. If you add a good key management system, it might even be usable (a globally shared key is just not a good idea). Many people are working on these, of course. Of course, it does not matter how good your encryption is if people do not use it.

Dumb. (4, Informative)

Fat Casper (260409) | more than 11 years ago | (#4191799)

Um... Why not secure the damn network instead?

Re:Dumb. (1)

s0l0m0n (224000) | more than 11 years ago | (#4191814)

Agree'd..

Security through obscurity is not the best solution.

It seems to me that if this solution is commonly used, the tools will also rapidly adapt.

Re:Dumb. (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4191964)

You are a fucking twit. Not only does your nickname prove it, but the fact that you believe "agree'd" is an actual conjunction.

Thanks for posting, but I suggest you kill yourself.
-The English Troll

I ask that question... (2)

fm6 (162816) | more than 11 years ago | (#4191846)

...every time somebody goes on a silly hackers witchhunt. Been asking for a long time!

Uhm, huh? (2, Interesting)

Qwerpafw (315600) | more than 11 years ago | (#4191801)

I really don't understand how this works. I perused their website for a bit, and even downloaded the binary, but it still bewilders me.

So this program creates a whole host of fictional access points? Well, a few points I don't get

How do *you* the correct user, find out which AP is correct?

What keeps the wardriver from doing that?

How does this affect performance?

how does this affect range?

If it doesn't affect either of the two above, then how does it work? It requires, apparently, only one 802.11b card...

Of course, I only run a small wireless network, and I am really not the most technically skilled of people. However, I use whatever security I have (the relatively weak WEP, with a well generated key), and would love having a bit more assurance of network safety.

Anyone who understands this willing to come forwards?
(And not just understanding in principle, I understand their whole spiel about hiding in plain sight, like an apple in a barrel of apples.)

Re:Uhm, huh? (0)

utdpenguin (413984) | more than 11 years ago | (#4191834)

(And not just understanding in principle, I understand their whole spiel about hiding in plain sight, like an apple in a barrel of apples.)


Or Michael Jackson in a barrel of monkeys

Re:Uhm, huh? (2, Informative)

The Turd Report (527733) | more than 11 years ago | (#4191892)

How do *you* the correct user, find out which AP is correct?
You should know what your SSID is. That is how your device knows which AP it should use.

What keeps the wardriver from doing that?
Don't tell the wardrivers your SSID. :)

How does this affect performance? how does this affect range?
Minimal. The packets that announce APs are a small fraction of your outgoing packets.

SSID def, (1)

kingkade (584184) | more than 11 years ago | (#4192001)

For anyone who doesn't know: http://www.webopedia.com/TERM/S/SSID.html [webopedia.com]

You still need a secure authentication b/c the ssid can be sniffed. What solutions are there for this prob?

Re:Uhm, huh? (1)

great_flaming_foo (561939) | more than 11 years ago | (#4191937)

The software basically turns your Wan card into a compulsive liar. It keeps saying it is different access points but it will only respond to its real name. You as a legit user know the real name because the person who set it up told you the real name. In that way it kinda works like a password, but the AP is broadcasting possible passwords all the time. It seems to me the person who wrote the software doesn't quite get the concept of "just because we can, doesn't mean we should"

Re:Uhm, huh? (0)

Anonymous Coward | more than 11 years ago | (#4191952)

How do *you* the correct user, find out which AP is correct?
Because *you*, the correct user, know the real AP's SSID.

What keeps the wardriver from doing that?
Because, in theory, they don't know the correct SSID.

How does this affect performance?
802.11b is spread-spectrum, so not much at all. Just on that wireless card.

how does this affect range?
...why would it?

If it doesn't affect either of the two above, then how does it work?
Magic. [jargonfile.com]

Script kiddies are people too (2, Insightful)

Dunhausen (455277) | more than 11 years ago | (#4191802)

Is there really such a problem with people mooching off wireless networks?

I mean come on. Is the big problem in today's work environment really that before all the staff can play Quake III on the company LAN someone has to go out and scatter all the hooligans with laptops?

This is cool, don't get me wrong. But if encryption isn't enough, go with the cat5 cable.

Re:Script kiddies are people too (1)

The Turd Report (527733) | more than 11 years ago | (#4191902)

Is there really such a problem with people mooching off wireless networks?
Right now? I'd guess not. But, as soon as Joe Average-user figures it out...

Do not download this tool. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4191805)

It appears to be sending the hybrid virus to any illegal node on the network (kinda drastic right), the virus is coded at 0x840024 and is attached from there onto 24th segment of the file. Virus seems to be pure (as in it's not altered from that found generally in the wild). Once again, this is something you should avoid.

Re:Do not download this tool. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4191865)

This is not a troll post. I have checked it properly. Please compare the segments given above with hybrid. It looks the same. From what I think, these guys are giving hybrid to anyone who connects them through war driving.

Okay, you can shuudup now (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4191888)

see subject

Nice site... (2)

bhsx (458600) | more than 11 years ago | (#4191809)

Pretty much everything on the site is included in the submission. Fairly amusing... anyone tried this? How about a full report on its usage in a heavy wardriven area like downtown Chicago or San Francisco?

Open source Innovates! (1, Redundant)

MrWinkey (454317) | more than 11 years ago | (#4191813)

That has got to be one of the coolest things I've seen. The article is a lil short on details but this reminds me of the article on LaBrea, [slashdot.org] the software to mire the MS worms....

This is pretty innovative.....sorry just my 2 cents.

Dear Asshat Michael: (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4191815)

Pls stop posting blatant press releases thx.

Won't Work (1)

Ken@WearableTech (107340) | more than 11 years ago | (#4191825)

It won't work! Of the 50,000 AP's you just need to find the one called tsunami.

A much simpler solution... (3, Interesting)

ihowson (601821) | more than 11 years ago | (#4191826)

that doesn't eat up bandwidth on your network, is to simply disable beacons on your AP. Having thousands of beacons sent makes it fairly obvious that there's an actual AP somewhere in the area, and there are other ways to determine the real network name.

Admittedly, not all AP's allow beacons to be disabled. But then, Kismet doesn't need them at all to detect networks.

Re:A much simpler solution... (1)

lommer (566164) | more than 11 years ago | (#4191967)

What if you disabled the actual beacon, but then enabled all of these bogus ones?

That should throw one more wrench into the intruder's machinery...

Micheal, PLS INVESTIGATE (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4191836)

The site you just submitted is owned by a script kiddie group on dal.net #viraltux, one of the ops there Phreezeraw was seen boasting about having ended up on slashdot. I would highly doubt the quality of the software included, and as mentioned elsewhere (by me), the download in question has hybrid virr (lin/win32) embedded in it. Please remove from slashdot and verify.

Physical security (4, Funny)

trentfoley (226635) | more than 11 years ago | (#4191837)

Let's hope that this concept is never applied to physical security. Imagine working in an office/cubicle with 32 keyboards and 64 mice, rj45 and rj11 jacks everywhere, throw in some extra pc cases to fill every inch under your desk -- with only one of each that actually works.

Re:Physical security (5, Funny)

zrodney (253699) | more than 11 years ago | (#4191854)

... Imagine working in an office/cubicle with 32 keyboards and 64 mice, rj45 and rj11 jacks everywhere, throw in some extra pc cases to fill every inch under your desk -- with only one of each that actually works


You must know the guy who set up our office network

Re:Physical security (0)

Anonymous Coward | more than 11 years ago | (#4191875)

I miss the fact that at my old company I had three switches, five computers, two 24 port patch panels, and a chit load of cable coming out of everywhere. True security through obscurity.

(yes, I was really really really^pi bored)

Re:Physical security (2)

CSG_SurferDude (96615) | more than 11 years ago | (#4191915)

That sounds like the offices of most Senior System Administrators that I know. (Myself included). ;-)

What a day... (4, Funny)

Dannon (142147) | more than 11 years ago | (#4191843)

First, uncloaking networks [slashdot.org] . Then, invisible cloaks [slashdot.org] . Now, cloaking networks.

Next thing you know, we'll see a post about the invention of visible cloaks.

Why this is a bad thing (0)

Anonymous Coward | more than 11 years ago | (#4191849)

Not everyone accessing wireless networks is bad. Nor is everyone even doing it intentionally. I, for one, having accidentally come across an insecure wireless LAN, will do everything in my power to attempt to notify the owner and tell him to secure it. Given fake access points, this will only create more insecure wireless LANs because nobody will want to report insecure ones to the owners.

Not much help unless your network is unused.. (5, Insightful)

funky womble (518255) | more than 11 years ago | (#4191857)

This won't do anything to hide an active network, people will just look at the data traffic instead of the beacons.

uhhhh, OK. (1)

wowbagger (69688) | more than 11 years ago | (#4191858)

So, we have a story submitted by an AC, linking to a site with very little information on it. Mayhaps the AC was the site operator?

Now, how does this generate all the frames? Does it require the 802.11 interface to be on the Linux box, or does it manage to send the data to the interface as normal packets? In other words, if I am using one of the Linksys router/802.11 boxes, can I run this on my normal Linux box, or do I need to hack the Linksys to run Linux?

And what is the effect on throughput? Any time the system is sending a fake frame, that is time it cannot be sending real data.

Security through obscurity (1, Redundant)

KILNA (536949) | more than 11 years ago | (#4191859)

This is like painting your house the same color as the hill behind it, or better yet, using mirrors to create a bunch of fake reflections of houses. Not using encryption over wireless is akin to having no key-lock on the front door. Obscuring your house does little to keep someone from taking your precious collection of Atari 2600 cartridges.

I thought that the (1)

Anonymous Coward | more than 11 years ago | (#4191866)

party line for all of us was to mock security-through-obscurity. Did I miss a memo?

Oh, I see. It runs on Linux. Never mind. Carry on and sing praises to it.

From the trenches.. (5, Insightful)

Render_Man (181666) | more than 11 years ago | (#4191879)

As a wardriver, I think that this would definitely confuse and annoy anyone driving around.

However I've noticed that companies with wireless AP's tend to be in clusters in close vicinity to each other. I'm just wondering what the effects on the person's neighbor would be. I could just see someone running this and just confusing the hell out of his neighbors. It would be even worse if the fake broadcasts were on different channels, then there would be real chaos with legit users.

Fun to play with, but not practical for production since a determined attacker would wade through the data to get your real SSID.

Just my $0.02

OT: microsoft class action suit to proceed (0)

Anonymous Coward | more than 11 years ago | (#4191883)

click me [usatoday.com]

MAC filter always worked for me (3, Informative)

nowt (230214) | more than 11 years ago | (#4191894)

I have a 3com Airconnect AP (one of the earliest AP's available). It has MAC filtering for nics. For the odd time I have a new nic I want to use, I need to add the MAC addr to it to even get a signal.


It seems to work very well and would foil would-be wardrivers.

Re:MAC filter always worked for me (2)

NetJunkie (56134) | more than 11 years ago | (#4191917)

You can change the MAC address on wireless cards easily now. MAC filters are about useless these days.

Re:MAC filter always worked for me (2, Insightful)

ICA (237194) | more than 11 years ago | (#4191927)

Why would this foil them exactly?

You're most likely right, since they are likely doing this for sport, not hacking. If you are using this simply as a deterrent, not security, then you are correct.

However, any hacker who actually wanted in your network could do so in seconds:

1. Listen for a unicast frame to determine a valid MAC address on the network.
2. Change MAC address on his/her card to be one of the MAC addresses.
3. Pillage the network of the person sitting dumb, fat, and happy on their unsecured net.

The short and sweet of this is that it is not hard to spoof MAC addresses. Therefore, Access Control Lists (ACL) can not be the only level of security.

Re:MAC filter always worked for me (0)

Anonymous Coward | more than 11 years ago | (#4191931)

..except that I can change the MAC address of my wireless nic. So, all's I have to do is wait for you to broadcast with your MAC addy, record it, change my MAC addy and wait for you to go to bed.

Oops :-P

This is not security (0)

Anonymous Coward | more than 11 years ago | (#4191896)

This is absolute retardness. I mean it.

If you can't secure your own network, why are you being a pest to other networks around you? This tool would hinder other legit network users of other networks close to this. This is a nightmare... the tool itself could be classified as virus or worse.

website design (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4191898)

What the hell is with that huge bar at the top of the top of the page that widens the entire page? Did Klerck design their site for them or something?

that explains the asshole... (0, Troll)

Hooya (518216) | more than 11 years ago | (#4191908)

... fake pussy!!

Security through obscurity? (0)

Anonymous Coward | more than 11 years ago | (#4191920)

How's this different from security through obscurity? Why's everybody finding it so cool?

Contaminated Coffee. (4, Interesting)

perlyking (198166) | more than 11 years ago | (#4191922)

Am I the only one who saw this and thought of Starbucks?
:-)

This seems easy to circumvent (2, Interesting)

TechyImmigrant (175943) | more than 11 years ago | (#4191948)

The messaging of WEP security associations within the 802.11 MAC spec is performed in the clear by passing challenge texts and responses around.

So just compile a list of all the APs you see and listen out for a good security association. From this you can divine the real AP.

With the proposed enhanced security mechanisms (TKIP & AES) the encryption similarly is not turned on until a security association (based on 802.1x) is completed. You can see this happen on the air and you can see which AP is being communicated with.

For this to work well you might need to also fake lots of good security associations to all the fake APs that are beaconing.

I see this is a poor mechanism. It is security through obscurity. It can be circumvented and the beacons suck away bandwidth.

TKIP is the way to go.
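
The point dragorn, funky womble and TechyImmigrant make in their comments, as an added example that is not part of any comment or of Fake AP itself: a per-BSSID tally over a frame summary shows that decoys which only beacon stand apart from the one AP carrying associations and data, which is what an operator evaluating such a deployment should expect any observer to see. The CSV layout, the MAC addresses and the SSIDs are assumptions constructed for this example.

```python
import csv
import io
from collections import defaultdict

# 802.11 frame-control type and subtype numbers used below.
TYPE_MGMT, TYPE_DATA = 0, 2
SUB_ASSOC_REQ, SUB_BEACON, SUB_AUTH = 0, 8, 11

# Constructed capture summary, one row per frame (not real traffic).
# MAC addresses are locally administered placeholders; SSIDs are made up
# or common vendor defaults.
SAMPLE = """\
type,subtype,bssid,src,ssid
0,8,02:00:00:00:00:01,02:00:00:00:00:01,default
0,8,02:00:00:00:00:02,02:00:00:00:00:02,linksys
0,8,02:00:00:00:00:03,02:00:00:00:00:03,tsunami
0,8,02:00:00:00:00:04,02:00:00:00:00:04,wireless
0,8,02:00:00:00:00:aa,02:00:00:00:00:aa,office-net
0,11,02:00:00:00:00:aa,02:00:00:00:10:01,
0,0,02:00:00:00:00:aa,02:00:00:00:10:01,office-net
2,0,02:00:00:00:00:aa,02:00:00:00:10:01,
2,0,02:00:00:00:00:aa,02:00:00:00:00:aa,
2,0,02:00:00:00:00:aa,02:00:00:00:10:02,
0,8,02:00:00:00:00:01,02:00:00:00:00:01,default
0,8,02:00:00:00:00:aa,02:00:00:00:00:aa,office-net
"""


def parse_frames(text):
    """Turn the CSV summary into a list of dicts with integer type fields."""
    frames = []
    for row in csv.DictReader(io.StringIO(text)):
        row["type"] = int(row["type"])
        row["subtype"] = int(row["subtype"])
        frames.append(row)
    return frames


def summarize(frames):
    """Count beacons, association handshakes and data frames per BSSID."""
    stats = defaultdict(lambda: {"beacons": 0, "handshakes": 0,
                                 "data": 0, "clients": set()})
    for f in frames:
        s = stats[f["bssid"]]
        if f["type"] == TYPE_MGMT and f["subtype"] == SUB_BEACON:
            s["beacons"] += 1
        elif f["type"] == TYPE_MGMT and f["subtype"] in (SUB_AUTH, SUB_ASSOC_REQ):
            s["handshakes"] += 1
        elif f["type"] == TYPE_DATA:
            s["data"] += 1
        # A frame whose sender is not the AP itself reveals a client station.
        if f["src"] != f["bssid"]:
            s["clients"].add(f["src"])
    return dict(stats)


def split_by_activity(stats):
    """Return (active, beacon_only) lists of BSSIDs, each sorted.

    "Active" means at least one handshake or data frame was seen, so the
    BSSID has real stations behind it. Beacon-only BSSIDs look like decoys
    (or idle APs). For decoys to blend in they would also need plausible
    associations and data traffic, as noted in the thread.
    """
    active, beacon_only = [], []
    for bssid, s in sorted(stats.items()):
        if s["data"] or s["handshakes"]:
            active.append(bssid)
        else:
            beacon_only.append(bssid)
    return active, beacon_only


if __name__ == "__main__":
    stats = summarize(parse_frames(SAMPLE))
    active, beacon_only = split_by_activity(stats)
    for bssid in active + beacon_only:
        s = stats[bssid]
        label = "active" if bssid in active else "beacon-only"
        print(f"{bssid}  beacons={s['beacons']} handshakes={s['handshakes']} "
              f"data={s['data']} clients={len(s['clients'])}  {label}")
```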

It may confuse wardrivers... (0)

Anonymous Coward | more than 11 years ago | (#4191997)

but where there is smoke, there is fire.

This will just prove that there is, in fact, an AP to look for but it will require some work.

If this becomes popular look for wardialers for wardrivers.

Very effective @ DCX (2, Interesting)

kwj8fty1 (225360) | more than 11 years ago | (#4192043)

While I was at defconX, I fired up kismet at one point, and started to see lots of APs. It turns out that the folks sitting behind me had been from Black Alchemy, playing with this neato tool. I personally saw about 600 APs/minute with this tool under kismet, and they had lots of dumb windows clients trying to associate with them. With some tuning, I'm sure they could get the number of APs per second to increase (They may have done this by the time of release).

It was good stuff, and I ended up getting my name in the credits. :)

Re:Very effective @ DCX (0)

Anonymous Coward | more than 11 years ago | (#4192128)

What's your name? We don't recall ever giving credit to anyone attending defcon. Why should we? Who are you anyway?

Wireless DOS attacks? (2)

Sarin (112173) | more than 11 years ago | (#4192135)

It made me think, say you have an "evil enemy" company, or wait.. a corporation (it sounds more evil somehow) which is stealing all your hard earned profits. All you have to do is get a car with a couple of nice antennas (if you want to do it nice, but perhaps you won't even need it) and a couple of laptops and park it close to their office. Then you intercept the channel and ssid of their wlan, and you start to flood it with a lot of random packets using their channel and ssid. That's going to be more than a little annoying then, perhaps to the point that some people would even call it a DOS attack right?

Now, I don't think such a thing is illegal or is it?

Wait a minute... (2)

EvilTwinSkippy (112490) | more than 11 years ago | (#4192144)

Why not spray paint on the side of the building "Hey there's an 802.11 access point in here!"

Come on! The idea is for them not to notice, and set up a barrier if they do. Not for you to set up a red light district.
