
Defend your Wireless Network

PCQ Bureau

Imagine a ship alone at sea, hunted by pirates that would be happy to board the ship and purloin the bounty of cargo. Our product (FakeAP) is Times Square on New Year's Eve. FakeAP provides the cast of extras where hiding is possible: in plain sight, making it unlikely for an organization to be discovered.


Black Alchemy Weapons Lab

One drawback of a wireless network compared with a traditional wired LAN is that it's more vulnerable to attack. As data on a wireless network travels freely over the air, anyone sitting inside or outside your office can capture it. Several methods, such as WEP (Wired Equivalent Privacy), MAC address-based filtering and RADIUS server authentication, are available to secure a wireless network. Of these, RADIUS-based authentication is the most secure, but its setup is elaborate and a bit complicated. WEP isn't very secure as it can be cracked, and MAC address-based filtering is suitable only for limited scenarios, such as when you have only a handful of wireless users. That's why we've found another simpler but effective way of protecting your WiFi network: FakeAP. Instead of giving the hacker a single wireless access point to attack, give him about 53,000 of them. Read on.

Direct Hit!

Applies to: System administrators

USP: Secures the WiFi network easily and effectively

Links: www.blackalchemy.to/project/fakeap

The concept of FakeAP is very simple, but to understand it you have to understand what happens when someone tries to hack into your WiFi network.

A hacker always tries to capture data from an access point. He then starts breaking the encryption layer and gradually gets authenticated on the network. Even if he is not authenticated, he can capture all the data in most cases. To fool the hacker, we create 53,000 fake access points. So, when the hacker tries to break in, he will see all these access points and will not be sure which ones to attack. All these access points will send different Beacon Frames (used by an access point to advertise itself over a network) with different WEP keys, ESSIDs, MAC addresses and channels. So, if the hacker tries to crack all the 53,000 WEP keys, on average it would take him about 1,59,000 days to crack them with a P4 machine!

Installing and running the product is very simple, but there are some prerequisites. First, you will need a Prism 2/2.5/3 chipset-based wireless card, which supports the HostAP drivers. You then have to configure and install the HostAP driver for this card. For more information on how to do this, read the article titled Build a Wireless Access Point (page 95, PCQuest, April 2004). When you are ready, put this month's Essential CD into your machine, copy the fakeap-0.3.1.tar.gz file to your home directory and extract it like this.


#cp fakeap-0.3.1.tar.gz ~

#cd ~

#tar -zxvf fakeap-0.3.1.tar.gz

Now go to the newly created directory fakeap-0.3.1 and run fakeap.pl like this.

#perl fakeap.pl --interface wlan0 --words /file.txt --wep 1


Here, the switch '--interface' defines the interface that has HostAP running and will be used by FakeAP, and '--words' specifies a text file containing the list of words from which FakeAP will generate the SSIDs. This file can have two to 53,000 words, where each word represents a wireless access point generated by FakeAP. We used 56 words to test FakeAP. Also, '--wep 1' means that the fake access points will advertise themselves as being WEP protected. Alternately, '--wep 0' means WEP is disabled. You can give a directory path and file name for the '--words' file, which in our case is a file called file.txt located in the system root directory.
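The word list decides everything FakeAP advertises, so it is worth cleaning before use. The shell function below is an added example, not part of FakeAP or of the original article: it strips blank lines, DOS line endings and duplicates, drops entries longer than the 32-byte 802.11 SSID field, and enforces the two to 53,000 word range given above. The function name clean_words and the file names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare a word list for FakeAP's --words option.
# The 2..53000 range comes from the article; 32 bytes is the maximum
# length of an 802.11 SSID field. clean_words is a hypothetical name.

MIN_WORDS=2
MAX_WORDS=53000
MAX_SSID_BYTES=32

# clean_words RAW OUT
# Writes the cleaned list to OUT and prints how many words were kept.
# Returns non-zero if fewer than MIN_WORDS usable words remain.
clean_words() {
    raw=$1; out=$2
    [ -r "$raw" ] || { echo "cannot read $raw" >&2; return 2; }
    # LC_ALL=C makes awk's length() count bytes rather than characters.
    LC_ALL=C awk -v max="$MAX_SSID_BYTES" -v cap="$MAX_WORDS" '
        {
            sub(/\r$/, "")                   # DOS line endings
            gsub(/^[ \t]+|[ \t]+$/, "")      # surrounding whitespace
        }
        $0 == ""         { next }            # blank line
        length($0) > max { next }            # does not fit in an SSID field
        seen[$0]++       { next }            # duplicate ESSID
        kept < cap       { print; kept++ }   # never exceed the upper limit
    ' "$raw" > "$out" || return 2
    count=$(wc -l < "$out" | tr -d ' ')
    echo "$count"
    [ "$count" -ge "$MIN_WORDS" ]
}

# Stand-alone use: sh clean_words.sh raw.txt /file.txt
if [ "$#" -eq 2 ]; then
    clean_words "$1" "$2"
fi
```

The cleaned output file is then the one to pass to '--words'.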

Now, on a PC with a WiFi adapter, search for access points. You will find a long list showing all the access points you have created with FakeAP.

Anindya Roy
