New Way to ID Invisible Intruders on Wireless LANs

Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries, instead they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that when used together can detect both attackers and configuration mistakes in network devices."

Virtually impossible?

[morgan_greywolf]

I don't know about that. I use WPA-PSK security on my WLAN, and I regularly monitor my network using ordinary means (logs, IDS, etc.) and I haven't seen any evidence of intruders, invisible or otherwise. I suppose this is one more thing I could add to my arsenal, but how many with security turned on really have trouble with this?

Re:Virtually impossible?

[cbiltcliffe]

and I regularly monitor my network using ordinary means (logs, IDS, etc.) and I haven't seen any evidence of intruders, invisible or otherwise. I suppose this is one more thing I could add to my arsenal, but how many with security turned on really have trouble with this?

If the intruders were invisible, how would you see them in logs and IDS? They're invisible. Passive monitoring won't show up in any logs. I know, because I do it sometimes as part of my security service to my customers. You can break into a WEP-encrypted moderate-traffic wireless network without sending a single packet. Once you're in, you can capture all traffic on that network and save it, again, without sending a single packet.
WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own.

Using the Storm botnet as an example:

There were estimates that put the botnet as large as 50,000,000 computers. Having done WPA-PSK key cracking on a P4 1.6 laptop, it can run around 30 passphrases/second. My desktop is significantly faster, although I haven't actually tried PSK cracking on it. I'd assume probably 45 / second or more. It's not a state of the art machine, by any means. Probably about average.

So if we assume an 8 character random passphrase, (which is all a lot of people will use, so it's easier to remember) that you can type on your keyboard, (again, who's going to use Alt-Numpad combinations?) there are 96 possible keystroke characters that can make up each byte. 96^8 = 7213895789838336 possible password combinations.
Assuming 45 passphrases / second for each machine, it will take, using this botnet, just over 37 days to break that password. That's assuming the most complex password possible for 8 characters. Realistically, you can take out any special character that's not in 13375p3@k, and for most all you'd need is numbers and letters. That'll cut your time significantly.
Yes, that's only an 8 character password, which will take 96 times as long to break with only 1 extra character, but how many people, who don't use their full allotment of 63-characters of randomness, are going to use something like "password", "dave sucks", "fleabert" (name of their cat), or even "fleabert scratches too much" as their passphrase?
Now you've got standard words, which can easily be pulled from a dictionary and put together in different combinations until the passphrase is cracked. Trivial, with enough computing power. And unfortunately, the only people who have access to that kind of computing power, are (I shudder to use the word) cybercriminals.

Re:

[morgan_greywolf]

Of course, any security can be cracked... I personally use a shared key that is significantly longer than that. adding 1 extra character over 8 makes it 96^9, but adding, say 3 extra characters makes it 6382393305518410039296 possible password combinations, which would take that same botnet like 90,000 years to crack.

Oh, yeah, and bear in mind: those 50,000,000 would all have to be in range of the access point and would have to not overwhelm the access point. Even the best Cisco Aironet equipment isn't g

Re:

[VenTatsu]

You only need one computer in range of the WAP to capture the encrypted traffic. Then a bot net could be used to attempt to decrypt the traffic. While doing this is significantly harder that trying to associate directly it is also totally passive, and can be run in parallel.

Re:

[morgan_greywolf]

Using that method, you have to know something about the encrypted traffic in order to determine if you've found the plaintext or not. In any regard, you'll have to apply some analysis to figure that out and that means you'll need more processing power than what was mentioned.

Re:

[cbiltcliffe]

You need to look into cracking WPA-PSK. You don't need to know anything about the traffic. All you need are 4 packets, one if which is a hash of the passphrase. You hash your passphrase list until you find one that matches the hash captured from the AP, and then you've got your passphrase. No extra traffic necessary.

Re:

[Anonymous Coward]

yea, but if you set up your wireless network with a specific set of MACs and only allow those macs to log in, keep all of your machines on so someone can't hijack the mac, and disable logins to your router from anything but one of those macs, they won't even be able to connect even after they crack your password unless they can flood your router or otherwise break it. Very few people can do this.

If you augment this with weekly password changes and the strongest possible password, they aren't getting in unle

Re:

[lubricated]

>>yea, but if you set up your wireless network with a specific set of MACs and only allow those macs to log in, keep all of your machines on so someone can't hijack the mac, and disable logins to your router from anything but one of those macs, they won't even be able to connect even after they crack your password unless they can flood your router or otherwise break it. Very few people can do this.

or you could just change your mac. This is very easy.
ifconfig eth1 hw ether newmacaddress

this also isn't

Re:

[Alpha830RulZ]

Thanks for laying that out. I don't know what makes this so hard for people to get/do. Come up with 3 to 5 words of something that means something to you, separate with some punctuation, and make sure it's around even only 20 characters, and it should take a million machine botnet something like 10^21 years to crack, assuming the 45/tries a second metric. eg., "IHave7FavoriteFl()wer&" should be good for something like the remaining life of the universe. (3.6*10^27 years, by my calculations)

Even so

Re:

[orcrist]

I don't know what makes this so hard for people to get/do.

I agree.

Come up with 3 to 5 words of something that means something to you, separate with some punctuation, and make sure it's around even only 20 characters...

Exactly. Anyone who reads a decent amount should not have any trouble finding a nice long quote from a book they liked which they can remember, which is what I always recommend. If they don't read enough for that to be the case.... fuck'em they don't deserve to be secure ;-)

I am prone to setti

Re:

[kickdown]

"WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own."

You are assuming that WPA needs a human-configured passphrase here. Your calculations are all nice, but they refer to WPA-PSK (pre-shared key). If you use WPA with IEEE 802.1x (sometimes called WPA-"Enterprise"), a PMK (Pairwise Master Key) is generated by a AAA server *anew for every session*. I.e. as soon as someone logs

Re:

[Hawkeye05]

I wish i had mod points right now cause that post is damn worth it.

Re:

[kryliss]

Strangely enough, from the days when I had to reinstall Win98 on several machines all the time, I have that 25 character key memorized.. that's what I use for my WPA encryption. Haven't seen anyone crack that one yet.

Re:

[cbiltcliffe]

You have no idea what you're talking about. Ok, so you know the basics of simple wireless encryption and have used airsnort and kismet and aircrack-ng and whatever the hell else it is you wanna-be hackers kids use. Whatever. The kind of effort needed to do what you're proposing is MONSTROUS,

You, kayditty, are an asshole. Just like all the other stupid fucks in this industry, you assume that since you don't know how to do it, it cannot be done. Your kind are the most arrogant, conceited pricks on the pla

Re:

[cbiltcliffe]

I know plenty about the subject -- heaps more than you, I'm sure.

Yet again, piles upon piles of arrogance. I could be Bruce Schneier for all you know. I'm not, but my point is you're making a shitload of assumptions of my ability based on....what? Nothing. Other than my statements not agreeing with your preconceived opinions.

Wow, you've written some software in Perl (I'm sure that's very efficient). Congratz, dude!111.

Not only arrogance, but childishness, also. Never once did I say that I had ever

Signal roundtrip times is the tipoff

[BadAnalogyGuy]

This is a good heuristic, but may be misleading in the case of faulty client hardware or over-active powersaving routines.

But look, if you want a secure wifi, perhaps you're misunderstanding the need for wifi. Pervasive internet connections without wires is what we want. If you want to broadcast wifi, you ought to be required to provide this service to all listeners (how many times have I been to a customer site which had wifi that was locked down and inaccessible?). If you want to implement some sort of au

Re:

[Silver Sloth]

But leave the router open, wouldya?

No, I won't.

I don't wan't anyone not authorised by me on my network. I see no reason why I 'ought to be required to provide this service to all listeners'. Sorry, my network, my rules.

Re:

[pipatron]

He didn't say your network. Just let people browse the big evil world wide web.

Re:

[Albio]

But what if they do something illegal?
Or what if they don't play nice and cause congestion which you don't want to deal with?

Re:

[josephdrivein]

What if leaving a open access to the Internet is illegal?
There are countries in which this is true.

Re:

[kalirion]

Why the Hell would I want random strangers to reduce my bandwidth? If they want to browse the big evil world wide web, let them pay for their own high speed connection.

Re:

[jasen666]

Because if they download kiddie pr0n, it's *MY* IP address that gets logged, and my house the FBI raids looking for said kiddie pr0n.
Not worth the risk to be a good Samaritan to the neighbor's who can't afford their own internet.

Re:

[Anonymous Coward]

My bandwidth, my rules.

Re:

[cheater512]

Your network which is being being beamed to my house.
If you want it secure, stop broadcasting it. Simple. :)

Re:

[Peter Mork]

Or, I am broadcasting my SSID (caetarn) because I don't care if you access my WAP from your house. Yes, there are still some long-haired pinko-fags (to coin a phrase) willing to share their resources.

Re:

[icebrain]

If you want to broadcast wifi, you ought to be required to provide this service to all listeners

If I'm paying for the router, the connection, and all that... why should I have to allow someone to mooch it for free?

Re:

[pipatron]

Because it doesn't cost you anything extra, and if you do that, the moochers will let you browse for free when you're somewhere and need to check something.

Re:

[kalirion]

Doesn't cost you anything extra except bandwidth you mean. And money if they decide to bittorrent a few songs. And jail time if they decide to visit a few child porn sites.

Re:

[hedwards]

No, it isn't free. It might not cost any money directly, but I'd personally factor in the cost of the possibility of dealing with the police or FBI at some point into the cost.

Anybody posting here should know better than to leave a WAP open, the amount of trouble that can be caused by somebody abusing the set up is more than sufficient to justify keeping a sound security policy. Even then it may get broken, but that's where plausible deniability comes into it.

Re:

[xappax]

Even then it may get broken, but that's where plausible deniability comes into it.

You always have plausible deniability, even if you don't have a access point at all. It's completely possible and quite frequent that people's computers are 0wned by viruses and trojans, and used to route anonymous traffic, send spam, and mounts scans and attacks on other machines. If securing your systems was required to give plausible deniability, millions upon millions of computer users could be subject to criminal pro

Re:

[Mister Whirly]

"You always have plausible deniability"

Yeah, that worked splendidly in the Jammie Thomas case [wired.com].

"Nothing can protect you from having to deal with the police or the FBI."

Well, not completely, but I would say not allowing people to commit crimes on your network would do something to dissuade that a little bit. And this [arstechnica.com] headline couldn't more clearly refute your claim - "Child porn case shows that an open WiFi network is no defense". From TFA -
The merits of leaving your wireless access point (WAP) ope

Reading TFA.

[Eevee]

Well, the first thing you need to do is actually start reading the article you're using for support. From the fine article you quoted:

The FBI says it found CDs with child porn in Perez's room, the only one it searched.

Up to the time you can show how a wifi connection will make a physical CD magically show up in a room, then any argument about plausible deniability based off this case is full of it. You can't claim someone else was using your wireless connection to download child porn when you have a big st

Re:

[Mister Whirly]

Read even further. It was most likely his roommate who had the kiddie porn, but they still basically ruled it was his connection and his liability. With no probable cause, there is no search and seizure. Eliminate the first step and you don't need to worry about the rest. And sorry, but this IS a test case no matter what other evidence was found. Until it is overturned, the ruling stands as precedent in all other cases after it.

Re:

[xappax]

And this headline couldn't more clearly refute your claim - "Child porn case shows that an open WiFi network is no defense"

But the crime in that case wasn't committed over an open wireless network. The argument was that a search warrant shouldn't have been granted because of the open access point, it didn't have anything to do with plausible deniability. The guy was caught with CDs of child porn in his room, which is pretty open and shut, he was just trying to get off on a technicality about the search

Re:

[Mister Whirly]

The crime that caused the FBI to have probable cause WAS committed over an open wireless network - downloading child porn. They could have never searched his apartment without that evidence. In this case the person had deniable plausibility, in fact all signs pointed to his roommate being the guilty party. But that didn't stop him from being charged because it was his connection that was used. I don't know about you, but I would rather not give law enforcement probable cause to search my house, even if I ha

Re:

[xappax]

I'm pretty sure, though not totally confident, that "common carrier" isn't an official bureaucratic status, like something you have to apply for or be a certain type of business for. It's simply a legal category to describe a technology which indiscriminately relays information that anyone puts on it.

For example, if you operated a hobby radio repeater and someone broadcasted a bomb threat to town hall through your radio repeater, you wouldn't be liable because you're a common carrier - your technology re

Re:

[thePowerOfGrayskull]

ou always have plausible deniability, even if you don't have a access point at all. It's completely possible and quite frequent that people's computers are 0wned by viruses and trojans, and used to route anonymous traffic, send spam, and mounts scans and attacks on other machines. If securing your systems was required to give plausible deniability, millions upon millions of computer users could be subject to criminal prosecution right now.

In case you hadn't noticed, they confiscate first and ask questions

Re:

[mrhartwig]

Nothing can protect you from having to deal with the police or the FBI.
Reducing the probability of dealing with authorities by not opening your network, does not make the resulting still non-zero -- but smaller -- probability useless.

Whether the effort required to do so is worth your time is an cost-benefit analysis left as an exercise to the reader. If you choose to decide it's not worth your time, great. But don't expect everyone else to agree with you.

And no, my network isn't open. I have plenty of ne

Re:

[plague3106]

Even then it may get broken, but that's where plausible deniability comes into it.

No, it doesn't. At that point you need to offer some evidence that someone actually did compromise your computer / network.

Re:

[Mister Whirly]

software != hardware - Please cite some examples of your "open source hardware" that people are giving away for free.

Re:

[X0563511]

What I love is that (the summary at least) article states you can use this to see if someone is monitoring your network.

Excuse me? How in the hells would you tell of someone was passively reading incoming radio waves? Isn't that the point of active vs passive radar systems, for instance? You can't!

Re:

[Mister Whirly]

Sure, I'll unsecure my wireless network for you to use. As long as you leave your front door unlocked so I can come over to your house anytime I want, make a sandwich, watch some TV, play some video games, etc.
Entertainment is what we want. If you want to do entertaining things, you ought to be required to provide this service to all.

Re:

[mrhartwig]

Entertainment is what we want. If you want to do entertaining things, you ought to be required to provide this service to all.

By that logic, if you buy into Maslow's heirarchy [wikipedia.org], you have an even greater responsibility to be providing food, shelter, and sex to people too. After all, we want those more than entertainment.

Let me know your address; I'll do my part by personally bringing some homeless people to you so you can help out. I'll need to know which gender you prefer, too; I wouldn't want to stretch

Re:

[mrhartwig]

Ack, sorry -- I think I just tried to slam someone saying the same thing I am. I should have said "To anyone who believes this, let me know your address and I'll do my part....." Trying to be non-directed and all.

otoh, if I re-read your post incorrectly, and you do believe I should be unsecuring my wireless net, feel free to take the slam personally. :-)

Re:

[Mister Whirly]

No, you re-read it right. My information doesn't want to be free, and neither does my beer, television, or food. I think if you own a wireless device, you are free to share or not share as you see fit.

Doesn't seem to practical

[faloi]

The description is, basically, they use the signal strength and round trip times of the signals to figure out if someone unauthorized is on your network. The downside is that, in large corporate wireless networks, I would think people tend to be pretty mobile and there won't be a reliable indicator that the odd signal from slightly too far away isn't just somebody who remembered one last thing on the way to their car. Smaller wireless networks aren't likely to care enough to spend the time it takes to tell.

It's an interesting idea, but I have a hard time seeing it become widespread.

Re:

[BadAnalogyGuy]

It's an interesting idea, but I have a hard time seeing it become widespread.

Given that the primary researcher now works for a hardware maker (last line in the article), I wouldn't be surprised to see this as a feature on some routers in the near future.

Re:

[Trigun]

You think that it's bad now, wait until everyone rolls out wifi enabled cell phones. In a large corporation, hackers could hide an elephant in that background noise.

Re:

[cyriustek]

Whislt you have somewhat of a point, the odd occasion where one may forget something and try to access the LAN at his car is an outlier to the data set. If the system notices someone from that location connecting to the network, and can either force a new authentication event requiring a local cert, or can simply shut down the AP the external person is connecting to. (Preferably shutting it down.)

As an aside, the company can also have a policy explicitly forbidding access from the parking lot. If what they

Re:

[faloi]

That's actually a good point. I come at it from the point of view of the large companies I've worked for. To get on the corporate network via a wireless connection, you still have to authenticate to a VPN server. We have a separate wireless network that visitors from other companies can use, but it's got no connection to the corporate network. I'm sure it's not that way for every large company.

Re:

[Cyno]

If their networks are so sensitive and secure why transmit ANYTHING over the air? This is just another way to use the illusion of security to adopt a police state. In the article they mention sending out armed guards to check on the intrusions, etc. See, they're already thinking in the right direction.

Damn

[FredDC]

What? No, but this means that I[NO CARRIER]

Re:

[jam244]

What? No, but this means that I[NO CARRIER]

I see the network admin was nice enough to hit Submit for you.

"detect eavesdropping"

[Anonymous Coward]

Yeah, right, detect eavesdropping. Any other snake oil you want to sell?

Re:

[ice_nine6]

Seems to be a poor summarization - the article makes no mention of detecting eavesdropping (which would be impossible).

Re:

[Actually, I do RTFA]

Yeah, right, detect eavesdropping. Any other snake oil you want to sell?

I have a pain-relief gel which has a side-effect of super-(strength/speed/control of sea animals).

Triangulation

[JustKidding]

So, basically, they are just triangulating every node on the network, and detecting when a node is outside a given range (outside the building?), or seems to suddenly jump to another location (session hijacking)? Would this still work if the attacker is using a directional, high-gain antenna to prevent effective triangulation? Also, varying the signal strength and round trip time could throw this off, but even if the exact location of the attacker cannot be determined because of it, the alarm could still be raised.

Re:

[Ungrounded Lightning]

So, basically, they are just triangulating every node on the network, and detecting when a node is outside a given range (outside the building?), or seems to suddenly jump to another location (session hijacking)? Would this still work if the attacker is using a directional, high-gain antenna to prevent effective triangulation?

Sounds like they're not "triangulating" - computing the DIRECTION to a station from two monitoring locations in order to identify the station's location as the third point of a triangl

Makes sense.

[ufoolme]

Aussie's are really into all this wireless stuff!

I'm fairly new to all this but at a very basic level it seems to make sense.
It just a more complex method of looking at the flashing lights on the modem to see if its in sync with your known wireless connections. -- Okay alot more complex than that.

I wondeer if this can be applied to other wireless systems, e.g., radio systems. If so it would be very useful

eavesdropping

[backwardMechanic]

You can detect many things, but not eavesdropping. Your little wifi card broadcasts all kinds of data, in all directions. I can listen in and say nothing. How are you going to detect that? Warping of the ether?

Re:

[atdt1991]

Quantum Entanglement! We've got on-board chips for that ... right?

Re:

[mossmann]

TFA doesn't claim a method for detecting eavesdropping. Bad summary.

Re:

[backwardMechanic]

Fair enough. Like a good ./'er I haven't read it, of course ;-)

Re:eavesdropping

[Ungrounded Lightning]

You can detect many things, but not eavesdropping. Your little wifi card broadcasts all kinds of data, in all directions. I can listen in and say nothing. How are you going to detect that?

Your firmware might react to being associated with a network enough to eavesdrop it by also responding to low-level configuration traffic. If that happens, even if you don't send any data the firmware may respond to probes, letting the network know you're listening.

If you're truly eavesdropping you're undetectable. But do you know what the vendor put in the binary blob?

Re:

[The_Laughing_God]

[b]Your firmware might react to being associated with a network enough to eavesdrop it by also responding to low-level configuration traffic. If that happens, even if you don't send any data the firmware may respond to probes, letting the network know you're listening.[/b]

It is fairly cheap and easy to set up a listen-only client using hardware whose transmitter is easily disabled. A few minutes with a razor blade or soldering iron, and I don't need what the proprietary firmware *tries* to do. If I want an

Nothing to see here, move along

[Anonymous Coward]

"Depending on how sensitive the network is, armed security guards could be deployed [...]"

And they would shoot the guy with the laptop in the lobby? Whoops, wrong guy. It was the other guy in the lobby. Nope, it was the woman in the parking lot. Wait, no, it was an anomoly.

Sounds more like a weak attempt at a research project.

Re:

[Firethorn]

I work around some areas that would have this much sensitivity, it'd be more like 'there's somebody/somthing over there that's not authorized', they'd go check everyone, find the device and arrest.

Shooting would only come into effect if they resisted.

Of course, at those security levels they don't use wireless.

Re:

[marcello_dl]

Armed guard should first look for the guy who thinks a sensitive network can adopt wireless connections.

The German Police

[thegermanpolice]

The German Police will be pleased.

Australia's University of Technology ?

[mybecq]

Australia's University of Technology in Queensland

Otherwise known in reality as the Queensland University of Technology [qut.edu.au] in Australia.
Zonk or Bergkamp10, please do us all a favour and don't change the name of institutions.

Re:

[bh_doc]

Like saying America's Institute of Technology in Massachusetts. Not even close to correct.

Where's the paper?

[Raleel]

I don't see it or this news on the QUT IIS website.

How is this ground breaking?

[computerchimp]

1) hopping from one router to another is detected via traditional means
2) higher than average roundtrip times are noticed via traditional means
3) signal is triangulated via traditional means to put a location on a suspected signal.

A new but an obvious proceedure that someone has decided to put to paper and product. It is a nice product to notice but this is about as ground breaking as peanut butter and chocolate.

CC

Use 1x

[MT628496]

Use 802.1x authentication on your wireless network, or use a gateway that will log users in through a browser and you eliminate a lot of problems.

Re:

[TechyImmigrant]

802.1X (It's a capital X) is not an authentication protocol. It's an architecture (1X) and a protocol protocol (EAPoL) to carry a protocol (EAP) that carries authentication protocols (EAP methods).

What you said is akin to recommending a purchaser of a computer use the box it came in.

Doesn't appear to track eavesdropping

[davidwr]

This technique doesn't appear to handle eavesdropping attacks, where the attacker records radio traffic for real-time or post-analysis.

By capturing signals, unencrypted and WEP-encrypted traffic can be snooped for sensitive data.

This same technique also works against other weakly-encrypted or unencrypted protocols, provided you can get close enough to snoop. I'm thinking infrared keyboards and possibly bluetooth not to mention old-fashioned CRT-sniffing using a specially-equipped police van like you seen i

Wireless 101

[Tastecicles]

1. Secure the connection using WEP/WPA/whatever.
2. SPECIFY the MAC addresses of the specific client hardware in the routing table; a whitelist will REJECT any other connection attempt (MOST routers will do this!)
3. TURN OFF SSID Broadcast once you have the specified units set up; this will render the wireless network invisible to casual scanners.

I have never had a support call for hacked wireless on ANY system that I've set up using the three points listed.

Re:

[jasen666]

Right, that keeps out amateurs and lazy hackers. Somebody that really, really wants in can still find a way eventually (except for WPA2... that hasn't been cracked yet has it?)

On mine, I've also taken the steps of disabling DHCP, and setting my network subnet mask to 248 as the last octet. This leaves only 6 IP's available, exactly the number of devices on my network. A hacker would not only have to clone a MAC address, but take one of my in-use IP addresses. Not an impossible task, but a pain in the as

Re:

[robbeh]

WEP is useless and can be cracked in less than 10 minutes using any laptop made in the last 10 years. Keep on using that WPA though.
MAC filtering is useless because anyone with Kismet can see the active MAC addresses on the network.
SSID hiding is useless because anyone with Kismet can see the active SSIDs around them.

Someone mentioned it earlier, but have a look at this:
http://blogs.zdnet.com/Ou/index.php?p=43 [zdnet.com]

If they're invisible...

[billcopc]

How in the hell can anyone see invisible things ? If a passive eavesdropper is quietly capturing all packets without sending anything, you can't monitor them. It's not like there's an electrical connection to the host that you can monitor for power dips.

A more effective solution, which has been employed by every ignorant security "expert" in the world is to claim that all wireless networks are insecure. Yes, Duh! Next question.

To a certain extent, all networks are vulnerable whether they're carried in t

False Positives and Reliability

[neorush]

It seems this would work great for a small office scenario with a few users, but I imagine with a larger network and things like iPhones, transmitting, connecting, and disconnecting from various distances and signal strengths "odd" round trip times would seem very difficult to reliably detect. The threshold would either result in a large number of false positives, or miss the real threats all together. It would certainly be possible to throw out something like an iPhone, but then as an attacker I could ju

Freeloader

[MM_LONEWOLF]

Damn, no more free web-browing. But wouldn't it be easier to rig the hardware to only send a signal to a certain distance?

FUD: tracking can be done w/accuracy

[postbigbang]

Newbury Networks, among others, have used triangulation coupled with latency to 'watch' 'intruders' on networks.

Businesses that don't put lock on their doors-- oops I mean a strong access key-- invite break-ins. It IS POSSIBLE to secure specific access points to the point where it's no longer useful to try and crack them; WPA2 with a random strong temporal, randomly-changed key (say 24hrs at most) will suffice. Instead, notebooks or stationary devices are more astute targets for the ne'er-do-wells.

I have been doing this for awhile

[bitsiphon]

We deployed Aruba wireless Access points that give you location based access 2 years ago. An Electronic fence as it were. It does not solve the problem of eavesdropping and I think encryption is the only solution to limit that type of "Hack". The paper is interseting but obvious in its arguments.

All you kids...

[NickCatal]

Get off my WAN!

This is new? Products that do some/all now...

[myvirtualid]

Not to flame or troll or slashvertise, but how is this new? I was a conference recently where the coolest security product on display was from http://www.airtightnetworks.net/ [airtightnetworks.net]: Their WIPS can be configured with an organization's known wireless clients (MAC address, make, HW and SW versions, etc.), and then detect systems that shouldn't be there.

According to the reseller's CTO - I had the good fortune to stop by the booth before he and the COO departed and the booth was left with only salesdroids - the syst

Stating the bleeding obvious....

[sifi]

He said the valuable commodity at greatest risk on local area networks was information.

What, not like gold bullion or something?

URL to paper

[Anonymous Coward]

This URL [qut.edu.au] seems to be the paper that presents the approach.

Does not detect eavesdropping

[jvkjvk]

Now, I may not be a physicist, but I'll play one here on Slashdot.

I really don't see how this can detect eavesdropping. Of course, my definition of eavesdropping is that it is a passive activity, listening if you will, but not talking.

Since this technology appears to predicated on receiving a signal from the "eavesdropper" the real world equivalent would be the eavesdropper butting into your conversation to ask you a question or to tell you something.

Not that it isn't interesting or cool but perhaps the cl

Detects Invisible Intruders My Ass...

[PainBreak]

If a wireless NIC is in passive, promiscuous mode, it doesn't have to send any data out. It doesn't associate itself with the access point, it doesn't ask permission from the network to be there, and it doesn't need to send any response to anything. It's just "listening" and collecting packets as they go to and fro, in the open air. In order to triangulate anything, particularly based on response-time, the intruding node would have to respond, which it doesn't. This is just another half-hearted attempt

Re:

[Hawkeye05]

The very best way to secure a wireless network is to make your look like less of a target than thers around you, I personally have a 13 digit WPA2 passphrase including numbers and MAC filtering, overall pretty solid. But then my neighbors have completly unlocked wireless with their routers using the default settings, anyone who would choose me over them would have to be either really bored or wanting to specifically see what i'm doing, I'm not paranoid about this but i do check my router every 2 weeks or so

Re:

[eneville]

So what? I didn't make you go to the link. You clicked the link yourself. That's not my problem. If you read slashdot at work and you start following links in comments THEN YOU'RE NOT AT WORK, and personally I don't think you should be doing that during work time as you're potentially a risk to your employer by visiting sites that are of questionable trust. I'd probably sack you. You're lucky that I didn't put something there that would compromise browsers and what I did alerted you to the fact that you're