Wireless Network Auditor

Several people sent in notes about this:"IBM research announced that it developed a wireless security auditor running on a Compaq iPAQ with Linux. The pictures on the IBM web page are much more revealing than the press release. Apparently the auditor can handle GPS input (correlate access points with GPS coordinates?) and associate with access points on demand." The main product webpage has more information about the capabilities, and notes that IBM hasn't decided yet whether to release it as a commercial product or a free tool.

What about on a Ship?

[Anonymous Coward]

http://wireless.uconn.edu

Amazing

[Anonymous Coward]

It still surprises me how many administrators will deploy 802.11 solutions in a totally insecure fashion. They should know better but, their ignorace makes for a fun pass time.

I have setup numerous wireless LANs that are very secure, I won't say totally because as soon as I say it someone will prove me wrong.

I also have done performance testing using various security solutions. My findings demonstrated that running a 168bit IPSec VPN over wireless performed equally well to configurations using Worthless Encryption Protocol(WEP).

So, all APs go outside the firewall. IPSec brings you through the firewall. Result, full connectivity and good security.

Works for me.

Re:Scanning for wireless networks

[laertes]

That's evil, but very cool. The nice thing about apple is that you even can script it, with no extra software.

logging with AppleScript

[bill_mcgonigle]

On the logging side:

set logFile to open for access (file myFileName) with write permission
set eof of logFile to 0
write myDataStructure to logFile
close access stateFile

Nix the eof line if you want to append rather tan overwrite. On the reading side:

set logFile to open for access (file myFileName)
set myDataStructure to read logFile as datatype
close access stateFile

Most people commonly use 'list' as the datatype since that's pretty useful, but you can coerce it into whatever you'd like.

Handheld 802.11 scanner.

[juuri]

I have one and it works out.

iPaq+PCMCIA Sleeve+802.11 card. Open the panel that lets you scan and check signal strength and have fun.

Network Stumbler

[Some guy named Chris]

This is already a fairly common practice, known as "war driving".

Marius Milner has written an incredible tool for Windows very similar to this called "Network Stumbler" which will scan for 802.11 networks, log them, and log the access point lattitude and longitude to disc for you.

• Network StumblerHomepage [nycwireless.net]
• Google Search for Network Stumbler [google.com]
• Personal Telco Page about Network Stumbler [personaltelco.net]

I had my doubts about driving around being able to pick up anything without an external antenna, but here in little podunk Valdosta, GA, I managed to pick up the local university dorm network with ease.

It's groovy.

Re:Network Stumbler

[blinx_]

I travel around 125KM to work everyday by train - often I have my laptop running and with my lucent/orinoco wavelan I can pick up around 3-4 wireless lans, without any external antenna.

I only see them for about a second or two, except for the ones that are located near stations where I can connect to them for a few minutes while the train stops.

Now if only the train would go a little slower, with those open wlans I could check my email a couple of times on my way to work :)

Re:Scanning for wireless networks

[CokeBear]

In my beta of the next version, it reports signal strength, and in the GPS version (due for release at MacHack next year) I'm actually hoping to figure out a way to draw a map of where the signal is strongest, to indicate the exact location of the Base Station.

Re:Scanning for wireless networks

[CokeBear]

I've been looking for one of these range extenders. Do you have pictures/installation instructions you can send or post on the web?

Scanning for wireless networks

[CokeBear]

Since I installed an AirPort Card in my iBook, I've been having fun driving around in big cities scanning for 802.11 networks. I even wrote a little AppleScript to help me. It uses Apple's speech manager to report when it finds a wireless network, allowing you to keep your eyes on the road if you're driving. I already found a few networks with very poor security, and have even sat in a parking lot, surfing off a corporate network. Download my AppleScript from http://homepage.mac.com/djfox/ [mac.com]

It's GPL'd, and I'm looking for lots of feedback, as this is my first real hack.

I plan to eventually add the ability to record the location of each network found, and log all the info to a file. (Anyone know how to log to a file with AppleScript?)

Way back when...

[wirefarm]

When Ricochet was new in the DC area, I managed to run a small web server from the basement of the Department of Justice. It was from my personal laptop, not connected to the DoJ network in any way, but it *Could have been*.
Kinda scary.
I understood the risks and *really* only used the Ricochet modem to get my personal mail and files from my home PC, but it shows a lot of the possibilities of this type of unauthorized conectivity.
Cheers,
Jim in Tokyo



MMDC Mobile Media [mmdc.net]

Demand for handheld 802.11 scanners

[drfalken]

From the look of some posts here other people are interested in this for the same reason I am: to find public access networks in cities without carrying their laptops around.

I did a search for just such a device earlier in the week and came up blank.

Does anyone know of any other ways of finding 802.11 networks? Even without security scanning features? Can it be done with a Rat Shack frequency scanner?
----------------------------

/.ed - mirror here

[Corrado]

Here [confluentasp.com] is my personal mirror.

--
Later...

Re:Scanning for wireless networks

[Knobby]

Sounds pretty slick. I just downloaded the script and took a look.. I'd be curious to see the results from your GPS enabled version.. Is there a way to measure the signal strength? I might be nice to record signal strength and location simultaneously.. With this info at a few points (interferance/reflections from buildings could make things a little tricky) you should be able to solve for the location of the hub/base station and then determine an optimal location to access said network (a park bench, cafe/coffee shop table, etc.)..

Re:Amazing

[isaac_akira]

I think the bigger problem is individuals at the workplace plugging in a base station so that they can use their laptops around the office OR even just plugging in their wireless-enabled laptop into the office ethernet, if that laptop is set to act like a base station. Very hard to track down and control (that *is* the market for this new device afterall), and most people who would do it wouldn't even think of the security issues ("it's just like a cordless phone, right?").

At last, the excuse I needed.

[illtud]

Kewl, I now have a reason to order an IPaq for work.

Now if only IBM can port linux to Canford Audio [canford.co.uk]'s rackmounted fridge and develop an essential-sounding app for it ("network coolant level monitor"?) then this BOFH is made.

Geocaching...

[don_carnage]

Now if we could only combine this with Geocaching [geocaching.com]...

I've hidden the cache at this coordinates on this companies network's NT server. Feel free to take warez from the cache, but be sure to put something back in return.

New sport! I call dibs!

--

Useful for finding public access points

[cameronk]

One of the problems associated with using 802.11b cards to connect to public internet points is the necessity of finding the access points. Last night, despite a good map, I could not find several Consume [consume.net] nodes in London. Perhaps this device will save me the trouble of holding my Powerbook like a baby while I walk down the street in the future.

64 - Host not available

[Quiezent]

Maybe they failed to locate a near-by hotspot..

Suddenly they found out it could also locate "virtual" doors into my office. Damn and i though a firewall was enough, anyone making radio firewalls cuz i'm going to need them when everyone starts infecting on my "leaking" radio-waves. Like moss on a damp wall.

- love? "LAN on vulnerable environment"

Re:Are there IT policies yet?

[imadork]

I work in a fairly large company as well, and I see plenty of things prohibiting employees from doing ANYTHING with the corporate network, wireless or not.
It takes enough red tape and forms and variances to have a stinkin' ethernet port turned on here. Even if wireless were more secure than Ethernet, anyone that does anything network-oriented without the blessing of IT (or organizations contracted by IT) is in a heap of trouble. There's sinply no business case to justify changing from Ethernet (a proven technology) at all. Period. Even if there is, trust me, the people who make the decisions don't (can't?) see it.

(And if you ever find out where I work (which you won't), remember that my opinions are my own and not necessarily those of my employer, or my employer's IT department, etc.... People also get in a heap of trouble for not saying that, even if they're posting anonymously.)

Re:64 - Host not available

[SCHecklerX]

You shouldn't even think of running wireless in an office environment (and probably not at home either) unless you are using IPSec. Problem solved.

Re:Useful for finding public access points

[rixster]

Have you found any working consume.net access points ? I think the idea's fantastic - but I haven't actually heard about it working anywhere yet... The only person that replied to my emails was a chap who lived within 300 m (great!), but was taking all his stuff to Edinburgh. (SOOL that time I guess).
I guess the only practical wireless alternative is to buy one of these babies and get war-walking....

Related Idea

[suwain_2]

I've always wanted to design a little battery-powered box that would monitor network traffic over a wireless LAN, and probe for security holes.

What I'd really like to find out is exactly how many homes have wireless LANs; I'd expect there to be a lot. If you were in the mood, you could also configure this black box idea to try to find a printer, and dump a file describing the holes there.

Now, wouldn't you be motivated to fix the security holes on your network if a description of them suddenly appeared on your printer? 'Course, a description might be in order so they don't get too freaked out... :-D
________________________________________________

Re:Let's hope they keep it to themselves !!

[Si_Druid]

This is totally the wrong attitude. Look at the other posts out here - if IBM didn't do it, someone else would (and maybe has). It's far better to level the playing field by giving the admins the same tools as the crackers, my hope is that easy access to these tools forces IEEE to harden WEP. Otherwise we'll all be spraying anti-freq on the outsides of our buildings. Si.

Re:Nice, but the UI is unusable

[Si_Druid]

Dear flamebait (heheh) - i agree, that's a pretty sucky interface... but then again the release says it's a prototype so hopefully that means they'll make it slick before handing it out. Can i get mine with skins, please? Reflecting, tho, i think the best tools i've gotten my hands on had the worst interfaces imaginable. In these fine days of GUI, the best tools still use naught but a command line : ) I'd be perfectly happy having a tool to check my network for holes that simply dumped the results to standard out. Si.

Re:Demand for handheld 802.11 scanners

[Lord Hugh Toppingham]

It is even easier than that. Buy an apple 'airport' you don't even need to hack it very much. Simply stand outside a likely looking building. (Banks are an ideal target). Watch in wonder as you realise that Banks don't even encrypt their wireless traffic half the time...

Are there IT policies yet?

[krugdm]

I work at a fairly large company, and in looking through the IT policies, I see nothing addressing employees setting up their own wireless networks. It would seem that similar to how companies have had to educate employees on the dangers of email viruses in recent times, perhaps now we also need to get the word out about how much of a security threat setting up a wireless network can be. The problem is that Bob in accounting might have enough technical know-how to get one set up so he can work in the park across the street on his laptop, but he may not be aware of how to properly secure the network to keep the "drive-by" hackers out.

Re:Network Stumbler

[mariusm]

On my commute I pass the Mountain View offices of a large company based in Redmond, WA. They have a little square of 4 L-shaped buildings. I drove around them and picked up 118 unique access points! Why would they need so many? I can pick up 4-5 of them from the other side of the freeway, even at 65mph!

mariusm, stumbler of networks

Re:wireless

[Purple_Walrus]

Actually that's a good point. I have been wondering quite a lot about the security of wireless networks. Is it easier to intercept data on a wireless network rather than a normal one? Does anybody know about this?
---