Wireless Camouflage?

Anonymous Coward writes "Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, NetStumblers, Script Kiddies, and other undesirables. Fake AP is a proof of concept released under the GPL."

Security through Obscurity

[FalconRed]

Perhaps the author of this tool forgot to read this:

http://slashdot.org/features/980720/0819202.shtm l

DOS application?

[eander315]

Couldn't this software also be used to confuse actual end-user's wireless cards that try to find the legitimate AP? Seems like most wireless cards/software would have a hard time finding the real AP if there are 53,000 fake ones to choose from.

Doesn't this just slow down the wardriving a bit?

[westfirst]

So I get a list of hundreds of access points. My trusty computer can be programmed to check them all one by one. Only the legit one will respond. I realize this is a bit slower, but I think the number of fake APs needs to be huge to hurt the war drivers.

In fact, I think that the problem with this solution is the amount of effort expended in defense is equal to the amount of effort for the war driver. You've got to have a PC pumping out fake APs constantly. Both radio modems are putting out the same bandwidth. This isn't a good equation for most of us.

Good encryption, on the other hand, takes only a few cycles to do but a gazillion cycles to undo. That's a great ratio of defense to offense.

Plus, don't the fake APs still end up jamming the channel. If you're faking an AP, someone else can't use the channel on that micro second. Given that wardrivers come only occasionally, but the jamming goes on constantly, I think that the legitmate users will pay a big price in network access for something that would only slow war drivers down a bit.

But I may be wrong.

Script kiddies are people too

[Dunhausen]

Is there really such a problem with people mooching off wireless networks?

I mean come on. Is the big problem in todays work environment really that before all the staff can play Quake III on the company LAN someone has to go out and scatter all the hooligans with laptops?

This is cool, don't get me wrong. But if encryption isn't enough, go with the cat5 cable.

Re:Security through Obscurity

[Otter]

"Security through obscurity doesn't work" is an aphorism, not a law of thermodynamics. It's foolish to rely on obscurity, but there's no reason why it can't add an extra layer of protection.

Same for Brooks' law, for all the people who love to invoke that one. It's not a formal proof that adding a developer will necessarily delay a project.

Not much help unless your network is unused..

[funky womble]

This won't do anything to hide an active network, people will just look at the data traffic instead of the beacons.

From the trenches..

[Render_Man]

As a wardriver, I think that this would definatly confuse and annoy anyone driving around.

However I've noticed that companies with wireless AP's tend to be in clusters in close vicinity to each other. I'm just wondering what the effects on the persons neighboor would be. I could just see someone running this and just confusing the hell out of his neighboors. It would be even worse if the fake broadcasts were on different channels, then there would be real chaos with legit users.

Fun to play with, but not practical for production since a determined attacker would wade through the data to get your real SSID

Just my $0.02

Re:MAC filter always worked for me

[ICA]

Why would this foil them exactly?

You're most likely right, since they are likely doing this for sport, not hacking. If you are using this simply as a deterrent, not security, then you are correct.

However, any hacker who actually wanted in your network could do so in seconds:

1. Listen for a unicast frame to determine a valid MAC address on the network.
2. Change MAC address on his/her card to be one of the MAC addresses.
3. Pillage the network of the person sitting dumb, fat, and happy on their unsecured net.

The short and sweet of this is that it is not hard to spoof MAC addresses. Therefore, Access Control Lists (ACL) can not be the only level of security.

Yes. Re:Doesn't this just slow down the wardriving

[WolfWithoutAClause]

The packets that announce an AP consume a tiny fraction of your available bandwidth. There should not be a noticable drop in bandwidth.

That's probably its achilles heal. If you measure which AP point has the most traffic, you've blown past any illusion of security this gives you.

Re:So who's going

[analog_line]

It's not security through obscurity, it's creating a forest around your tree. While I may be able to secure the machines on my network, use a VPN for all transactions over the wireless network, there's no real way to secure my access point. WEP is a joke, plain and simple. If someone gets on my wireless network unauthorized by me, I'm liable for whatever shit they might pull through my internet connection, so I don't see the supposed stupidity in making it alot harder for someone to find the real access point. I have my doubts that this software is as effective at what it's trying to do as it's author(s) claim, but even so, it narrows the potential abusers of my network down to the determined, patient, and lucky. No security is perfect. You just have to run faster than the slowest guy to avoid getting eaten by the lion, you know?

And a better analogy would be trying to avoid venereal disease by dumping condoms all over the place so it's a veritable certainty that you'll be within reach of one wherever you happen to find yourself doing the nasty.

A better

Re:Security through Obscurity

[King of the World]

If you can't rely on it, why are you wasting your time doing it in the first place?

Because security isn't binary, good security is about lowering the odds of a break-in. Obscurity achieves this, and it can often be a very quick way of lowering the odds of intrusion.

Re:Security through Obscurity

[RallyNick]

I don't think this has anything to do with Security through Obscurity. StO means you keep the flaws secret, while a fake AP flooding is an entirely different matter.

Not saying it's bulletproof, but if it makes it harder to get in and the cost is small then there's no reason not to do it.

Not much more than a diversion

[AnnaBlack]

As has been pointed out in other replies to this story:

it's easy to sniff for data traffic and thus ignore the fake access points,

this is a useful DoS tool more than a way of securing networks.

Seems to me that as long as network admins, users or Jo-average-computer-at-home-user keeps thinking of 802.11 kit as a "alternative to wires", we'll be stuck with all the security problems. Wireless = broadcast. That will inevitably involve sending your data out to anyone who cares to set up an antenna and kit to recieve it. You trade the convenience of not having to run wires for the insecurity of broadcasting your bits to the world. Anyway, given that this unpleasantly insecure technology is spreading worldwide, it's interesting to see this article at CNet [com.com] about small, cheap 802.11 chipsets destined for set-top boxes. I contentedly predict that in a couple of years there'll be scares about wardrivers sniffing what people are watching on their wireless TVs :) Anna B