June 10, 2008

Wireless Network Security, part two: AirSnare

AirSnare

Those of you who look forward to the security articles I put out may remember last week's article on the basics of wireless network security. This week's article is along the same lines, not so much locking a wireless network down, but rather how to monitor it, and a really cool way to give any freeloaders a little scare.

Before I get ahead of myself, let's do a little recap of last weeks security article. I talked primarily about locking down your wireless network using some of the integrated tools on wireless routers and WAPs (Wireless Access Points). Things like MAC filters, WEP keys, and changing "out of the box" passwords and SSIDs can stop most users from accessing your network, but what about a knowledgeable experienced user.

In case you didn't know, there are sites and tools out there that advanced users can use to circumnavigate certain security measures, in order to get what they want. This could be the neighbor trying to get free Internet access or their kid who's just horsing around. Either way you don't want this and it's a nice feeling to be able to catch' em, who knows, you might even set them straight and teach them a lesson.

If you remember last week I mentioned how my classmates snuck on to some poor guy's wireless network behind the university (bad place to have an unsecured network—these guys knew what they were doing and had the tools to do it) and surfing the web. If Mr. X had the program AirSnare he would've caught the students in the act, and he could've sent them a message letting them know the "jig is up".

AirSnare is a wireless network monitoring system that has some pretty cool features. In a nutshell, AirSnare takes a list of MAC addresses that you have OK'd as being your network devices, (i.e. your home PCs) and alerts you of access by any other MAC address. The program actually warns you by telling you with a voice that there is "unauthorized access on your network", and you can even set it to email you any security breeches. In addition to the audio warning, the interface also turns red and you can see the user's MAC address and what they are doing. That's right, you can actually see if an intruder is checking their mail or surfing the web.

Not only does it tell you this info, but you can actually double click the destination IP address and Airsnar will connect you to the site. This is all very cool, but the best is the Airhorn, an element of AirSnare that allows you to send intruders a message that pops-up on their screen buy generic propecia online telling them what ever you type in, for example "I'm watching every move you make, so get off of my network".

The GUI is a little on the primitive side, but that's because it was meant as a low requirements tool, and not a bloated end-user program. Before you download the AirSnare look over the manual, especially the setup instructions. One thing you have to do is download, and install the WinPcap library—it's a protocol analyzer and is an important component in AirSnare. The whole process (download and install) takes just a couple of seconds, basically download and double click. It doesn't install a program just a library that AirSnare uses to capture network packets.

AirSnare may be a little different than other programs you're used to, but it really is easy to use and if you have a wireless network I think it could be an invaluable tool for maintaining tight security. Besides, if friends or family come over you can blow them away with your knowledge of wireless security and your super-cool monitoring tools.

Download WinPcap…
http://winpcap.polito.it/

Download AirSnare…
http://home.comcast.net/~jay.deboer/airsnare/

Stay safe out there,

Permalink • Print • Comment

Leave a comment

You must be logged in to post a comment.

Made with WordPress and a healthy dose of Semiologic • Sky Gold skin by Denis de Bernardy