Is there a program/script for finding passively scanning wireless cards?
August 16, 2008 12:49 AM Subscribe
Is there a way to scan for passively scanning wireless cards.
I'm looking for a program (command line, gui, any os) that will allow me to be alerted to passively scanning wireless cards. Ideally, it would be something like Look@LAN or even better, a script that might turn off the router when such scans are taking place. This could ensure that a wireless network with a hidden SSID stays hidden.
I'm really wondering if anyone knows if it's even possible to single out laptops which are passively scanning. (Kismet might have a way of doing this, I don't know)
I'm looking for a program (command line, gui, any os) that will allow me to be alerted to passively scanning wireless cards. Ideally, it would be something like Look@LAN or even better, a script that might turn off the router when such scans are taking place. This could ensure that a wireless network with a hidden SSID stays hidden.
I'm really wondering if anyone knows if it's even possible to single out laptops which are passively scanning. (Kismet might have a way of doing this, I don't know)
I don't know how most scanning software works in practice, if it tries to connect to any network it finds then you may be able to spot it before it reaches yours. If it's totally passive, then you won't be able to detect it as the wifi card won't be transmitting.
Of course, you could build some clever hardware to detect the local loop of the heterodyne circuit in the scanning card...
posted by atrazine at 1:13 AM on August 16, 2008
Of course, you could build some clever hardware to detect the local loop of the heterodyne circuit in the scanning card...
posted by atrazine at 1:13 AM on August 16, 2008
I don't believe that it's possible, based on my understanding of 'passive scanning'.
Passively scanning means that the wireless card just reads what's coming in over the airwaves, and doesn't send out any info. Since it's not broadcasting anything, you can't detect it remotely.
If they try to use that wireless card to connect to your access point, though, then they're no longer in passive mode, and you should be able to detect them. By then, it's too late though.
What you really need to ask yourself is: why must your access point remain hidden? Obscurity is not replacement for good security, and if you've got your WPA encryption set up properly, you'll be in pretty good shape.
The only reason I can think of is that you're on campus or in a dorm somewhere, trying to run an unauthorized wifi point.
posted by chrisamiller at 1:27 AM on August 16, 2008
Passively scanning means that the wireless card just reads what's coming in over the airwaves, and doesn't send out any info. Since it's not broadcasting anything, you can't detect it remotely.
If they try to use that wireless card to connect to your access point, though, then they're no longer in passive mode, and you should be able to detect them. By then, it's too late though.
What you really need to ask yourself is: why must your access point remain hidden? Obscurity is not replacement for good security, and if you've got your WPA encryption set up properly, you'll be in pretty good shape.
The only reason I can think of is that you're on campus or in a dorm somewhere, trying to run an unauthorized wifi point.
posted by chrisamiller at 1:27 AM on August 16, 2008
This could ensure that a wireless network with a hidden SSID stays hidden.
I think you've got the wrong idea. This concept of "security through obscurity" isn't nearly as good as just setting up WPA properly. Although you can sometimes detect a wired ethernet card in promiscuous mode, I don't think you can detect wifi cards in monitor mode.
posted by knave at 1:30 AM on August 16, 2008
I think you've got the wrong idea. This concept of "security through obscurity" isn't nearly as good as just setting up WPA properly. Although you can sometimes detect a wired ethernet card in promiscuous mode, I don't think you can detect wifi cards in monitor mode.
posted by knave at 1:30 AM on August 16, 2008
This could ensure that a wireless network with a hidden SSID stays hidden.
What? Either your WAP is broadcasting its SSID or it isnt. Someone else's card in a laptop isnt going to affect this.
passively scanning wireless cards
The cards are just listening. You cant detect someone catching all the wireless radiation you're spewing all over the place.
Wifi SSID works because it broadcasts the SSID. If you want to stop this then you set the WAP to stop doing this.
If you're looking for security advice I suggest WPA with a nice strong passphrase. You can layer VPN on top of there or setup a radius authentication server too.
posted by damn dirty ape at 8:30 AM on August 16, 2008
What? Either your WAP is broadcasting its SSID or it isnt. Someone else's card in a laptop isnt going to affect this.
passively scanning wireless cards
The cards are just listening. You cant detect someone catching all the wireless radiation you're spewing all over the place.
Wifi SSID works because it broadcasts the SSID. If you want to stop this then you set the WAP to stop doing this.
If you're looking for security advice I suggest WPA with a nice strong passphrase. You can layer VPN on top of there or setup a radius authentication server too.
posted by damn dirty ape at 8:30 AM on August 16, 2008
What? Either your WAP is broadcasting its SSID or it isnt. Someone else's card in a laptop isnt going to affect this.
Even if it isn't broadcasting the SSID, as soon as someone joins the network the SSID will be sent out in the clear to anyone sniffing the traffic.
To answer the question, I'm not sure but I know there was a project to find passively scanning ethernet cards by measuring their response time in the face of ever increasing levels of junk network traffic (The thinking being that PCs in promiscuous mode would get bogged down processing all the data and their ping times would go up.)
posted by meta_eli at 9:27 AM on August 16, 2008
Even if it isn't broadcasting the SSID, as soon as someone joins the network the SSID will be sent out in the clear to anyone sniffing the traffic.
To answer the question, I'm not sure but I know there was a project to find passively scanning ethernet cards by measuring their response time in the face of ever increasing levels of junk network traffic (The thinking being that PCs in promiscuous mode would get bogged down processing all the data and their ping times would go up.)
posted by meta_eli at 9:27 AM on August 16, 2008
Oh, also, a hidden SSID is terrible way to go about security. You absolutely need to turn on the strongest level of encryption that your router and clients can support.
posted by meta_eli at 9:29 AM on August 16, 2008 [1 favorite]
posted by meta_eli at 9:29 AM on August 16, 2008 [1 favorite]
Response by poster: Thanks for your answers guys. To answer some of your comments about "security through obscurity". The point of discovering Passive scanning cards would not be to secure the network as a replacement for encryption. I am asking this question because I may need to setup a wireless router somewhere that these devices aren't allowed, therefore I am looking for a way to turn off the router altogether when someone is passively scanning (to ensure that the router cannot be found).
I have since determined I will probably simply limit the range to only be available in the small area I will need it, change the mac address of the router, hide the SSID, encrypt it and only allow certain MAC addresses on. If you have any other tips I'd love to hear them.
Probably should have thought about the fact that "passive" scanning wouldn't be transmitting anything but I thought that the card would have to be pining networks and such in order to detect hidden SSIDs and would therefore be able to be monitored.
posted by bjtitus at 1:37 PM on August 27, 2008
I have since determined I will probably simply limit the range to only be available in the small area I will need it, change the mac address of the router, hide the SSID, encrypt it and only allow certain MAC addresses on. If you have any other tips I'd love to hear them.
Probably should have thought about the fact that "passive" scanning wouldn't be transmitting anything but I thought that the card would have to be pining networks and such in order to detect hidden SSIDs and would therefore be able to be monitored.
posted by bjtitus at 1:37 PM on August 27, 2008
Response by poster: Didn't read the entirety of chrisamiller's post up there. He hit it right on the head. I need to install the router in a dorm where WIFI is unauthorized. I don't know how strict they will be, but I love planning these kinds of things out ahead of time just to be safe.
posted by bjtitus at 1:39 PM on August 27, 2008
posted by bjtitus at 1:39 PM on August 27, 2008
If it only needs to reach within your dorm room, you could consider making a faraday cage out of your room. A little aluminum foil will go a long way in reducing the range of your signal.
Of course, shiny metal decor isn't everyone's cup of tea...
posted by chrisamiller at 2:03 AM on August 28, 2008
Of course, shiny metal decor isn't everyone's cup of tea...
posted by chrisamiller at 2:03 AM on August 28, 2008
This thread is closed to new comments.
posted by 0xFCAF at 1:12 AM on August 16, 2008