Wireless Intrusion Detection & Response


Presentation Transcript


  1. Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim

  2. Contents • Project Description & Demo • Competitors & Market • Building Blocks & Project Timeline • Challenges, Risks and Difficulty Level • Product Testing • Hardware and Software Requirements

  3. Project Description

  4. What is the product? • An access point which can detect intruders and take counter measures • Detection of Netstumbler • Blocking / Jamming Netstumbler without affecting network performance • Product will be open source and will integrate several available technologies

  5. Project Demo
     • Several computers on a wireless network
     • Wireless network intruder using Netstumbler
     • Three phases:
       • Network setup
       • Netstumbler and intrusion
       • Intrusion detection and countermeasures

  6. Phase I – Network Setup • 2-3 Linux machines set up with an access point to form an 802.11b network • Data (packets) routed between the Linux machines through the AP • Access point monitor used to detect the source and destination of packets passing through the access point

  7. Phase II – Intrusion • Intrusion detection and jamming turned off • Netstumbler used to access information on the wireless network • Netstumbler captured packet information shown

  8. Phase III – Intrusion Detection & Counter Measures • Netstumbler packet detection • Blocking of Netstumbler packets, RF jamming or fake AP barrage • Data rate on wireless network measured w/ and w/o counter measures

  9. User Interface • Focus on proving the concept • Open source allows end users to develop UI according to their needs • Basic text-based user interface for testing, debugging and demo

  10. Competitors & Market

  11. Competitors • Fake AP – Product developed by Black Alchemy. • Used for flooding the wireless network with false AP beacon packets. • Netstumbler gets overwhelmed with thousands of access points. • Open source, runs on Linux.

  12. Competitors (contd.) • AirDefense – Enterprise/military wireless intrusion detection system. • Sold as a complete system which includes AirDefense sensors and a server appliance. • Does not take action against the intruder; it only monitors the network and informs the administrator of any suspicious activity.

  13. Price • Fake AP is freeware. Available at: http://www.blackalchemy.to/Projects/fakeap/fake-ap.html • The AirDefense system costs between $19,000 and $25,000.

  14. Our Product • No product in the market today combines both intrusion detection and response. • Our product shall be freely available. • This makes the product unique and attractive to potential users.

  15. Building Blocks • Setup – Installing network cards on two Linux machines, installing HostAP drivers, installing wireless sniffers and packet sniffer libraries. • Detect NetStumbler – recognize the NetStumbler signature, UI design for reporting malicious activity.

  16. Building Blocks (contd.)
     • Countermeasures:
       - Logging event information (MAC, time, physical location)
       - Sending bogus AP information
       - DoS
     • Port to Open AP – combine detection and countermeasure and run it on an AP.

  17. Building Blocks (contd.) • OpenAP PC interface – write a TCP sockets client-server program. • Allow network administrator to remotely configure and acquire information from Access Point.
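The remote-configuration interface on slide 17 is only described as "a TCP sockets client-server program". The following is an added example, not the project's own code, of what such an interface can look like: a line-based TCP server that exposes the detector's status, its event log and one settable parameter, and a client function that talks to it. The shared `state` dictionary, the three commands (`STATUS`, `LOG`, `SET threshold <n>`) and the JSON-line replies are assumptions chosen for this illustration; the server binds to loopback only, and every command is validated before it touches the shared state.

```python
"""Added example (not ECE 4006 project code): a minimal TCP status/config
interface for a wireless intrusion detector running on an access point.
Protocol (assumed for this example): one text command per line from the
client, one JSON object per line back from the server."""
import json
import socket
import threading


class APStatusServer:
    """Serve STATUS / LOG / SET threshold <n> over TCP on the loopback address."""

    def __init__(self, state, host="127.0.0.1", port=0):
        # `state` is a hypothetical dict shared with the detector module:
        # {"threshold": int, "log": [event dicts]}.
        self.state = state
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, port))          # port 0 lets the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def handle(self, line):
        """Validate one command line and return the reply as a dict."""
        parts = line.split()
        if not parts:
            return {"error": "empty command"}
        cmd = parts[0].upper()
        if cmd == "STATUS":
            return {"threshold": self.state["threshold"],
                    "events": len(self.state["log"])}
        if cmd == "LOG":
            return {"log": self.state["log"]}
        if (cmd == "SET" and len(parts) == 3 and parts[1] == "threshold"
                and parts[2].isdigit() and int(parts[2]) > 0):
            self.state["threshold"] = int(parts[2])
            return {"ok": True, "threshold": self.state["threshold"]}
        return {"error": "unknown command"}

    def _serve(self):
        """Accept one client at a time; each line gets exactly one JSON reply."""
        while True:
            conn, _addr = self.sock.accept()
            with conn, conn.makefile("rw", encoding="utf-8") as stream:
                for line in stream:
                    stream.write(json.dumps(self.handle(line.strip())) + "\n")
                    stream.flush()


def query(port, command, host="127.0.0.1"):
    """Client side: send one command line and parse the single JSON reply."""
    with socket.create_connection((host, port)) as sock, \
            sock.makefile("rw", encoding="utf-8") as stream:
        stream.write(command + "\n")
        stream.flush()
        return json.loads(stream.readline())


if __name__ == "__main__":
    # Constructed state standing in for the detector's live data.
    shared = {"threshold": 5, "log": [{"mac": "de:ad:be:ef:00:01", "time": 4.0}]}
    server = APStatusServer(shared)
    for cmd in ("STATUS", "SET threshold 3", "LOG", "BOGUS"):
        print(cmd, "->", query(server.port, cmd))
```

Because the server thread is a daemon and the handler only ever reads or writes the shared dictionary through `handle`, the administrator's console (slide 30: "status monitored remotely") can poll `STATUS` without touching the capture loop.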

  18. Projected Timeline • 12 weeks to complete.

  19. Task Assignments

  20. Challenges, Risks and Difficulty Level

  21. Initial Setup – Challenges and Difficulty • Lack of resources for experimental drivers • Recompilation of kernel and other support packages • Compatibility and interoperability of hardware

  22. Initial Setup - Risk • Project could be severely delayed if we are plagued with compatibility issues • Incompatible hardware might require extra expenses to get different cards

  23. Wardriving Detection – Challenges and Difficulty • Limited storage memory • Libpcap vs. low-level syscalls • Development of algorithm for heuristic Wardriving detection

  24. Wardriving Detection – Risks • Inability to differentiate between Wardriver and legitimate client renders module useless • Forced to resort to low-level syscalls without availability of experimental driver documentation

  25. Countermeasure – Challenges and Difficulty • Limited storage memory • Countermeasures without affecting normal network performance • Discovering new denial-of-service attacks that target the Wardriving client

  26. Porting to Access Point • Different development framework • Inaccessibility of access point • Limited debug tools

  27. Product Testing

  28. Stage 1 : Wardriver Detection • Reliable Wardriver detection • Does not pick up legitimate traffic from a variety of wireless cards • Logging
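Slides 15, 23 and 28 describe the detection module only in outline: recognize a wardriving scanner by its behaviour, do not flag legitimate clients, and log MAC and time. As an added example (not the project's code), the block below implements one such heuristic over raw 802.11 management frames: a station that sends a burst of broadcast (empty-SSID) probe requests within a short window is flagged and logged once per burst, while directed probes and association requests, the normal behaviour of a client joining a network, are ignored. The frame builder, the two MAC addresses, the threshold of 5 probes in 10 seconds and the SSID `ECE4006` are constructed for the illustration; the detector does not rely on any version-specific NetStumbler payload string.

```python
"""Added example (not ECE 4006 project code): heuristic wardriving detector over
802.11 management frames. Frames below are constructed in code, not captured."""
import struct
from collections import defaultdict, deque

TYPE_MGMT = 0
SUBTYPE_ASSOC_REQ = 0
SUBTYPE_PROBE_REQ = 4
IE_SSID = 0
BROADCAST = b"\xff" * 6


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def parse_ssid_ie(ies):
    """Walk tag/length/value information elements; return the SSID or None."""
    i = 0
    while i + 2 <= len(ies):
        tag, length = ies[i], ies[i + 1]
        if i + 2 + length > len(ies):
            return None                      # truncated element: refuse to over-read
        if tag == IE_SSID:
            return ies[i + 2:i + 2 + length].decode("utf-8", "replace")
        i += 2 + length
    return None


def parse_mgmt_frame(frame):
    """Return (subtype, source MAC, SSID) for a management frame, else None.

    Header: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq ctl(2)."""
    if len(frame) < 24:
        return None
    fc = frame[0]
    if (fc >> 2) & 0x3 != TYPE_MGMT:
        return None
    subtype = (fc >> 4) & 0xF
    src = ":".join(f"{b:02x}" for b in frame[10:16])
    body = frame[24:]
    if subtype == SUBTYPE_PROBE_REQ:
        return subtype, src, parse_ssid_ie(body)
    if subtype == SUBTYPE_ASSOC_REQ:
        # Association request: capability(2) + listen interval(2) precede the IEs.
        return subtype, src, parse_ssid_ie(body[4:])
    return subtype, src, None


def build_mgmt_frame(subtype, src, ssid, assoc=False):
    """Construct a minimal management frame (test input only, not a real capture)."""
    fc = (TYPE_MGMT << 2) | (subtype << 4)
    header = (bytes([fc, 0]) + b"\x00\x00" + BROADCAST + mac_to_bytes(src)
              + BROADCAST + b"\x00\x00")
    body = struct.pack("<HH", 0x0001, 10) if assoc else b""   # capability, listen interval
    body += bytes([IE_SSID, len(ssid)]) + ssid.encode()
    body += b"\x01\x04\x82\x84\x8b\x96"                         # supported rates 1/2/5.5/11
    return header + body


class WardriveDetector:
    """Flag a station sending >= threshold broadcast probes within `window` seconds."""

    def __init__(self, threshold=5, window=10.0):
        self.threshold, self.window = threshold, window
        self.probe_times = defaultdict(deque)   # src MAC -> recent broadcast-probe times
        self.last_alert = {}                    # src MAC -> time of last alert
        self.log = []                           # events: MAC, time, count

    def observe(self, frame, ts):
        parsed = parse_mgmt_frame(frame)
        if parsed is None:
            return None
        subtype, src, ssid = parsed
        # Directed probes (named SSID) and association requests are normal client
        # behaviour; only empty-SSID ("any") probe requests count toward a burst.
        if subtype != SUBTYPE_PROBE_REQ or ssid != "":
            return None
        recent = self.probe_times[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        last = self.last_alert.get(src)
        if len(recent) >= self.threshold and (last is None or ts - last > self.window):
            self.last_alert[src] = ts           # one alert per burst, not per frame
            event = {"mac": src, "time": ts, "count": len(recent)}
            self.log.append(event)
            return event
        return None


def run_demo():
    """Replay a constructed sequence: one scanner and one legitimate client."""
    det = WardriveDetector(threshold=5, window=10.0)
    scanner, client = "de:ad:be:ef:00:01", "00:02:2d:12:34:56"   # constructed MACs
    events = [det.observe(build_mgmt_frame(SUBTYPE_PROBE_REQ, scanner, ""), float(t))
              for t in range(8)]                                  # 8 broadcast probes in 8 s
    for t, frame in [
        (0.5, build_mgmt_frame(SUBTYPE_PROBE_REQ, client, "")),          # normal scan
        (0.6, build_mgmt_frame(SUBTYPE_PROBE_REQ, client, "")),
        (1.0, build_mgmt_frame(SUBTYPE_PROBE_REQ, client, "ECE4006")),   # directed probe
        (1.2, build_mgmt_frame(SUBTYPE_ASSOC_REQ, client, "ECE4006", assoc=True)),
    ]:
        events.append(det.observe(frame, t))
    return [e for e in events if e is not None]


if __name__ == "__main__":
    for e in run_demo():
        print(f"wardriving suspected: {e['mac']} at t={e['time']}s ({e['count']} broadcast probes)")
```

The demo yields exactly one event, for the scanner after its fifth broadcast probe; the client, which also sends two broadcast probes before a directed probe and an association request, stays below the threshold. Tuning the threshold and window against the "variety of wireless cards" named in Stage 1 is the part that decides whether the module is useful or, as slide 24 warns, useless.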

  29. Stage 2 : Countermeasure • Executed in parallel with Stage 1 • Sufficiently confuses Wardriver • Disables Wardriver • Does not affect normal network traffic

  30. Stage 3 : Access Point • Remote deployment • Durability (uptime) • Status monitored remotely

  31. Hardware and Software Requirements

  32. Hardware Required • 2x Linksys Wireless PC Card • 1x Orinoco Gold Wireless Card • 2x PCI-PC Card adapter • USR 2450 Access Point • Pretec 4MB Linear Mapped Card

  33. Software Required • Host AP • Open AP • Net Stumbler • Ethereal • Other scanners • Other sniffers

  34. Parts Designed and Adapted

  35. Parts Adapted or Reused • Host AP • Open AP • Fake AP

  36. Parts Designed • Intrusion detection algorithm • Integration on Host AP • Integration on Open AP