Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim.

Published byFelicia West Modified over 8 years ago

Similar presentations

Presentation on theme: "Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim."— Presentation transcript:

1 Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim

2 Contents Project Description & Demo Competitors & Market Building Blocks & Project Timeline Challenges, Risks and Difficulty Level Product Testing Hardware and Software Requirements

3 Project Description

4 What is the product? An access point which can detect intruders and take counter measures Detection of Netstumbler Blocking / Jamming Netstumbler without affecting network performance Product will be open source and will integrate several available technologies

5 Project Demo Several computers on a wireless network Wireless network intruder using Netstumbler Three Phases Network setup Netstumbler and intrusion Intrusion detection and counter measures

6 Phase I – Network Setup 2-3 Linux machines setup with an access point to form a 802.11b network Data (packets) routed from linux machines to each other through AP Access point monitor used to detect source and destination of packets passing through the access point

7 Phase II – Intrusion Intrusion detection and jamming turned off Netstumbler used to access information on the wireless network Netstumbler captured packet information shown

8 Phase III – Intrusion Detection & Counter Measures Netstumbler packet detection Blocking of Netstumbler packets, RF jamming or fake AP barrage Data rate on wireless network measured w/ and w/o counter measures

9 User Interface Focus on proving the concept Open source allows end users to develop UI according to their needs Basic text-based user interface for testing, debugging and demo

10 Competitors & Market

11 Competitors Fake AP – Product developed by Black Alchemy. Used for flooding the wireless network with false AP beacon packets. Netstumbler gets overwhelmed with thousands of access points. Open Source, supported by linux.

12 Competitors (contd.) Air Defense – Enterprise/Military wireless intrusion detection system. Sold as a complete system which includes AirDefense sensors, server appliance. Does not take action against intruder, just monitors the network, and informs the administrator of any suspicious activity.

13 Price Fake AP is a freeware. Available at: http://www.blackalchemy.to/Projects/fa keap/fake-ap.html http://www.blackalchemy.to/Projects/fa keap/fake-ap.html AirDefense system costs between $19,000 to $25,000.

14 Our Product No product in the market today combines both Intrusion detection and response. Our product shall be freely available. This makes product unique and attractive to potential users.

15 Building Blocks Setup – Installing network cards on two linux machines, installing HostAP drivers, installing wireless sniffers, packet sniffer libraries. Detect NetStumbler – recognize netstumbler signature, UI design for reporting malicious activity.

16 Building Blocks (contd.) Counter-measures – - Logging event information (MAC, time, physical location) - Sending bogus AP information. - DoS Port to Open AP – combine detection and countermeasure and run it on an AP.

17 Building Blocks (contd.) OpenAP PC interface – write a TCP sockets client-server program. Allow network administrator to remotely configure and acquire information from Access Point.

18 Projected Timeline 12 weeks to complete.

19 Task Assignments

20 Challenges, Risks and Difficulty Level

21 Initial Setup – Challenges and Difficulty Lack of resources for experimental drivers Recompilation of kernel and other support packages Compatibility and interoperability of hardware

22 Initial Setup - Risk Project could be severely delayed if we are plagued with compatibility issues Incompatible hardware might require extra expenses to get different cards

23 Wardriving Detection – Challenges and Difficulty Limited storage memory Libpcap vs. low-level syscalls Development of algorithm for heuristic Wardriving detection

24 Wardriving Detection – Risks Inability to differentiate between Wardriver and legitimate client renders module useless Forced to resort to low-level syscalls without availability of experimental driver documentation

25 Countermeasure – Challenges and Difficulty Limited storage memory Countermeasures without affecting normal network performance Discovering new denial-of-service attacks attains Wardriving client

26 Porting to Access Point Different development framework Inaccessibility of access point Limited debug tools

27 Product Testing

28 Stage 1 : Wardriver Detection Reliable Wardriver detection Does not pick up legitimate traffic from a variety of wireless cards Logging

29 Stage 2 : Countermeasure Executed in parallel with Stage 1 Sufficiently confuses Wardriver Disables Wardriver Does not affect normal network traffic

30 Stage 3 : Access Point Remote deployment Durability (uptime) Status monitored remotely

31 Hardware and Software Requirements

32 Hardware Required 2x Linksys Wireless PC Card 1x Orinoco Gold Wireless Card 2x PCI-PC Card adapter USR 2450 Access Point Pretec 4MB Linear Mapped Card

33 Software Required Host AP Open AP Net Stumbler Ethereal Other scanners Other sniffers

34 Parts Designed and Adapted

35 Parts Adapted or Reused Host AP Open AP Fake AP

36 Parts Designed Intrusion detection algorithm Integration on Host AP Integration on Open AP

Download ppt "Wireless Intrusion Detection & Response ECE 4006 Group 2: Seng Ooh Toh Varun Kanotra Nitin Namjoshi Yu-Xi Lim."

Similar presentations

Wireless LAN Security Understanding and Preventing Network Attacks.

Wireless LAN Security Understanding and Preventing Network Attacks.
Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.

Chapter 19: Computer and Network Security Techniques Business Data Communications, 6e.
Firewalls Anand Sharma Austin Wellman Kingdon Barrett.

Firewalls Anand Sharma Austin Wellman Kingdon Barrett.
(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.

(part 4).  Gateways  A gateway is responsible for translating information from one format to another and can run at any layer of the OSI model, depending.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.

Hacker, Cracker?! Are they the same? No!!! Hacker programmers intensely interested in the arcane and recondite workings of any computer operating system.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )
Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.
Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.

Firewall Security Chapter 8. Perimeter Security Devices Network devices that form the core of perimeter security include –Routers –Proxy servers –Firewalls.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.

Security Awareness: Applying Practical Security in Your World, Second Edition Chapter 5 Network Security.
Security Awareness: Applying Practical Security in Your World

Security Awareness: Applying Practical Security in Your World
CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.

CS 550 Amoeba-A Distributed Operation System by Saie M Mulay.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.

Firewall and Proxy Server Director: Dr. Mort Anvari Name: Anan Chen Date: Summer 2000.
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)

Similar presentations

Ads by Google