New Way to ID Invisible Intruders on Wireless LANs 122
Bergkamp10 writes "Australia's University of Technology in Queensland has created a groundbreaking new system that can detect invisible intruders on wireless LANs. Wireless networks have been almost impossible to thoroughly secure as they possess no clearly defined boundaries, instead they are defined by the quality and strength of the receiving antenna. QUT Information Security Institute researcher Dr Jason Smith has invented a new system to detect eavesdropping on unencrypted networks or active hijackings of computer sessions when a legitimate user who is logged onto the network leaves the connection. Smith has created a series of monitoring techniques that when used together can detect both attackers and configuration mistakes in network devices."
Doesn't seem to practical (Score:5, Insightful)
It's an interesting idea, but I have a hard time seeing it become widespread.
Re:Doesn't seem to practical (Score:2, Insightful)
As an aside, the company can also have a policy explicitly forbidding access from the parking lot. If what they had to do is so important, they can either go into the building, or wait until they are home and use their VPN connection.
"detect eavesdropping" (Score:3, Insightful)
Re:Signal roundtrip times is the tipoff (Score:3, Insightful)
I don't wan't anyone not authorised by me on my network. I see no reason why I 'ought to be required to provide this service to all listeners'. Sorry, my network, my rules.
How is this ground breaking? (Score:5, Insightful)
2) higher than average roundtrip times are noticed via traditional means
3) signal is triangulated via traditional means to put a location on a suspected signal.
A new but an obvious proceedure that someone has decided to put to paper and product. It is a nice product to notice but this is about as ground breaking as peanut butter and chocolate.
CC
Re:Signal roundtrip times is the tipoff (Score:2, Insightful)
Excuse me? How in the hells would you tell of someone was passively reading incoming radio waves? Isn't that the point of active vs passive radar systems, for instance? You can't!
Re:Virtually impossible? (Score:5, Insightful)
WPA can be cracked if someone uses a simple passphrase, and even random passphrases can be cracked without a whole lot of effort simply by renting part of a botnet, or running your own.
Using the Storm botnet as an example:
There were estimates that put the botnet as large as 50,000,000 computers. Having done WPA-PSK key cracking on a P4 1.6 laptop, it can run around 30 passphrases/second. My desktop is significantly faster, although I haven't actually tried PSK cracking on it. I'd assume probably 45 / second or more. It's not a state of the art machine, by any means. Probably about average.
So if we assume an 8 character random passphrase, (which is all a lot of people will use, so it's easier to remember) that you can type on your keyboard, (again, who's going to use Alt-Numpad combinations?) there are 96 possible keystroke characters that can make up each byte. 96^8 = 7213895789838336 possible password combinations.
Assuming 45 passphrases / second for each machine, it will take, using this botnet, just over 37 days to break that password. That's assuming the most complex password possible for 8 characters. Realistically, you can take out any special character that's not in 13375p3@k, and for most all you'd need is numbers and letters. That'll cut your time significantly.
Yes, that's only an 8 character password, which will take 96 times as long to break with only 1 extra character, but how many people, who don't use their full allotment of 63-characters of randomness, are going to use something like "password", "dave sucks", "fleabert" (name of their cat), or even "fleabert scratches too much" as their passphrase?
Now you've got standard words, which can easily be pulled from a dictionary and put together in different combinations until the passphrase is cracked. Trivial, with enough computing power. And unfortunately, the only people who have access to that kind of computing power, are (I shudder to use the word) cybercriminals.
Re:Virtually impossible? (Score:3, Insightful)
Oh, yeah, and bear in mind: those 50,000,000 would all have to be in range of the access point and would have to not overwhelm the access point. Even the best Cisco Aironet equipment isn't going to handle that kind of load.
Re:Signal roundtrip times is the tipoff (Score:3, Insightful)
Not worth the risk to be a good Samaritan to the neighbor's who can't afford their own internet.
Re:eavesdropping (Score:5, Insightful)
Your firmware might react to being associated with a network enough to eavesdrop it by also responding to low-level configuration traffic. If that happens, even if you don't send any data the firmware may respond to probes, letting the network know you're listening.
If you're truly eavesdropping you're undetectable. But do you know what the vendor put in the binary blob?