Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42869
  • Total Topics: 16078
  • Online Today: 3869
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: The EvilAP Defender - a Tool for Network Administrators  (Read 3621 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Mohamed Idris has created a tool to help network administrators discover and DoS rogue access points.

The EvilAP Defender open source tool published to GitHub can be run by admins at intervals to determine if attackers are attempting to get their users to connect to malicious networks: https://github.com/moha99sa/EvilAP_Defender/blob/master/README.TXT

Those evil twin attack networks are powerful copycats of legitimate access points that attempt to get users to connect in a bid to harvest subsequent traffic.

Idris says the tool will send email alerts to admins when evil twins are detected, and launch denial of service attacks to buy time.

"Additionally you can configure the tool to perform DoS on discovered evil AP in order to give the administrator more time to react," Idris says.

"However, notice that the DoS will only be performed for evil APs which have the same SSID but different BSSID (AP’s MAC address) or running on a different channel. This to avoid DoS your legitimate network."

More features are being added including on the back of Reddit network security discussion, including SMS notification: http://www.reddit.com/r/netsec/comments/311kzg/evilap_defender_protect_your_wifi_from_evil_twin/

It presently paints access points as evil based on BSSIDs and attributes including channels, ciphers, protocols, Organizationally Unique Identifiers, and authentication.

Admins can put the tool in learning mode so that it can identify friendly networks.

Users are invited to email Idris about the tool: moha99sa [at] yahoo [dot] com

(ElReg)

Bootnote: Launching denial of service attacks against something you don't own, even a very obvious Evil Twin, could be illegal. Effective, clever, but illegal.

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising