
New Way to ID Invisible Intruders on Wireless LANs

Posted by Zonk
from the you-have-laboured-to-produce-a-biologic dept.
Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries, instead they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that when used together can detect both attackers and configuration mistakes in network devices."
  • Re:LAN security (Score:0, Informative)

    by Anonymous Coward on Friday November 30, 2007 @09:54AM (#21531673)
    Troll (internet is serious business).
  • by mybecq (131456) on Friday November 30, 2007 @10:27AM (#21532043)

    Australia's University of Technology in Queensland
    Otherwise known in reality as the Queensland University of Technology [qut.edu.au] in Australia.
    Zonk or Bergkamp10, please do us all a favour and don't change the name of institutions.
  • by Anonymous Coward on Friday November 30, 2007 @12:20PM (#21533491)
    yea, but if you set up your wireless network with a specific set of MACs and only allow those macs to log in, keep all of your machines on so someone can't hijack the mac, and disable logins to your router from anything but one of those macs, they won't even be able to connect even after they crack your password unless they can flood your router or otherwise break it. Very few people can do this.

    If you augment this with weekly password changes and the strongest possible password, they aren't getting in unless they control a lot of systems. Yea they could still break your wireless network eventually, but there are other wireless networks that are far easier to get into so they'd move on.

    Beyond that you secure the hosts on your network as well.

    Security isn't about making your network unbreakable, which is impossible. It's about making your network not worth someone's time to break into. You do this with layered security and being polite.

    Network crackers go for the low hanging fruit every time, unless it's a targeted attack, which most home users don't ever need to worry about unless they piss off the wrong person. They'll get your neighbor that didn't change the default password and doesn't password his hosts. There's a buffet out there of easy to break networks, so chances are, if you take reasonable precautions, and don't go around flaming people, you are fine.

    Personally I don't run a wireless network. I pulled Cat5-e to every room in the house while I was rehabbing and don't need it. I did this before WEP matured because I didn't trust wireless at the time, wired networks Just Work(tm) and are much faster. Of course it's easy to do this when your walls are open 8)

    -AC
  • Re:Wireless 101 (Score:2, Informative)

    by robbeh (926092) on Friday November 30, 2007 @01:25PM (#21534563)
    WEP is useless and can be cracked in less than 10 minutes using any laptop made in the last 10 years. Keep on using that WPA though.
    MAC filtering is useless because anyone with Kismet can see the active MAC addresses on the network.
    SSID hiding is useless because anyone with Kismet can see the active SSIDs around them.

    Someone mentioned it earlier, but have a look at this:
    http://blogs.zdnet.com/Ou/index.php?p=43 [zdnet.com]
  • by kickdown (824054) on Friday November 30, 2007 @02:16PM (#21535383)
    "WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own."

    You are assuming that WPA needs a human-configured passphrase here. Your calculations are all nice, but they refer to WPA-PSK (pre-shared key). If you use WPA with IEEE 802.1x (sometimes called WPA-"Enterprise"), a PMK (Pairwise Master Key) is generated by a AAA server *anew for every session*. I.e. as soon as someone logs off and on again, your calculations got to start from scratch. I'm assuming people don't stay connected 37 days continuously on a WiFi connection, so your botnet attack is rendered useless. To be on the safe side, you can set your APs to negotiate new keys at your personal paranoia level time interval even when connections persist.

    Even with WPA-PSK, your reasoning is only correct if you really want the PMK of WPA-PSK. Your botnet could be faster if you just want the current session key: it is 128 Bits in length (both with TKIP encryption and AES), so you only need to try 2^128 numbers to get in. The amount of randomness for the PMK is irrelevant if you just want to get into a session quick-and-dirty. Another reason for WPA users to rekey every so often.

    WPA-Enterprise is used worldwide in educational institutions in a free (as in spirit and in beer) manner right now, including worldwide roaming: check http://www.eduroam.org./ [www.eduroam.org]. Even in Queensland numerous universities are participating and thus have something at their disposal that is way less susceptible than static session keys. http://www.aarnet.edu.au./Content.aspx?p=133/ [aarnet.edu.au] suggests that University of Queensland is in, so I guess they are just doing the research to show people how unsecure WLAN networking is if you *don't* use IEEE 802.1x :-) Yes, that was a shameless sales pitch. This is slashdot, I'm *supposed* to promote my pet projects here, right?
  • Reading TFA. (Score:3, Informative)

    by Eevee (535658) on Friday November 30, 2007 @02:30PM (#21535607)

    Well, the first thing you need to do is actually start reading the article you're using for support. From the fine article you quoted:

    The FBI says it found CDs with child porn in Perez's room, the only one it searched.

    Up to the time you can show how a wifi connection will make a physical CD magically show up in a room, then any argument about plausible deniability based off this case is full of it. You can't claim someone else was using your wireless connection to download child porn when you have a big stack of CDs with child pornography on them. Nobody is stupid enough to believe that. The only way this could have been a test case would be if they hadn't found any evidence beside the network traffic.


    What this shows is that illegal traffic coming to/from your address constitutes probable cause, which is a different kettle of fish.

  • by cbiltcliffe (186293) on Friday November 30, 2007 @05:44PM (#21538283) Homepage Journal
    You need to look into cracking WPA-PSK. You don't need to know anything about the traffic. All you need are 4 packets, one of which is a hash of the passphrase. You hash your passphrase list until you find one that matches the hash captured from the AP, and then you've got your passphrase. No extra traffic necessary.
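
Added example, not part of the thread or written by any commenter: the WPA-PSK discussion above (the static pre-shared PMK contrasted with per-session 802.1X keys, and the dependence on passphrase choice) rests on how the PMK is derived, which this Python sketch reproduces for auditing your own passphrase. The guess rate and the second SSID are constructed assumptions for illustration.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 86400


def wpa_psk_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK mapping from passphrase to the 256-bit PMK.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    Nothing session-specific goes in, so the PMK is static per network.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def random_passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase drawn uniformly at random from an alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed guess rate."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
    print(wpa_psk_pmk("password", "IEEE").hex())
    # Same passphrase on another SSID gives an unrelated PMK (SSID is the salt).
    print(wpa_psk_pmk("password", "HomeNet-constructed").hex())
    rate = 1e5  # assumed guesses per second, for illustration only
    for label, n, alphabet in [("8 lowercase letters", 8, 26),
                               ("20 printable ASCII", 20, 95),
                               ("63 printable ASCII", 63, 95)]:
        bits = random_passphrase_bits(n, alphabet)
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits, rate):.3g} years")
```

A randomly generated 20-character passphrase already exceeds the 128-bit session key size mentioned in the thread, while a short lowercase one falls within weeks at the assumed rate.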
