Silent Threats: Detecting and Eliminating Unauthorized Wireless Access Points

Objective

The goal of this project is to detect unauthorized wireless access points (APs) in the vicinity using tools like Kismet or NetStumbler. This project aims to provide an understanding of the potential security threats posed by rogue APs and demonstrate methods to detect and mitigate these threats effectively.

Step-by-Step Project Description

1. Setting Up the Environment

2. Setting Up the Rogue Access Point

Hardware Required:

• A computer with a wireless network adapter capable of monitor mode.
• A second device to act as the rogue AP (this can be another computer or a wireless router).

Software Required:

• Kismet: A wireless network and device detector, sniffer, wardriving tool, and WIDS (Wireless Intrusion Detection System) for Linux, macOS, and Windows.
• NetStumbler: A tool for Windows that facilitates the detection of wireless networks.
• Hostapd: A tool to create the rogue AP on Linux, or configuring a wireless router.

Using Hostapd on Linux:

Install Hostapd:

sudo apt-get install hostapd        

Create a Configuration File for Hostapd: Create a file named hostapd.conf with the following content:

makefile
interface=wlan0 driver=nl80211 ssid=RogueAP hw_mode=g channel=6        

Start the Rogue AP:

sudo hostapd hostapd.conf        

Using a Wireless Router:

1. Reset the Router to Factory Settings: Ensure it has no pre-configured settings that might interfere.
2. Configure the Router with a New SSID:
3. Place the Router: Position the router within the vicinity of the monitoring computer to simulate a rogue AP.

3. Using Kismet for Detection

Installation:

sudo apt-get install kismet        

Configuration: Configure the Wireless Adapter to Monitor Mode:

sudo ifconfig wlan0 down sudo iwconfig wlan0 mode monitor sudo ifconfig wlan0 up        

Running Kismet:

sudo kismet        

User Interface: When Kismet starts, it automatically begins scanning for wireless networks. Navigate the Kismet interface to view the detected networks.

Analyzing Data:

• Identify Rogue APs: Look for SSIDs that are not part of your authorized network.
• Cross-Reference: Compare detected SSIDs and MAC addresses with your list of known, authorized devices. Identify any discrepancies or unknown devices.

4. Using NetStumbler for Detection (Alternative to Kismet)

Installation and Setup:

• Download and install NetStumbler from its official website.
• Open NetStumbler and it will start scanning for wireless networks.

Analyzing Data:

• Identify Unauthorized SSIDs: Look for any unexpected SSIDs.
• Cross-Reference: Compare the detected SSIDs with your list of authorized networks.

5. Mitigation and Reporting

Mitigation:

• Physically Locate the Rogue AP: Use signal strength indicators to triangulate the position of the rogue AP. Once located, disconnect and remove the rogue AP.
• Enhance Security Measures: Change wireless network passwords, implement stronger encryption (WPA3 if possible), and use MAC address filtering to allow only authorized devices.
• Regular Scans: Schedule regular scans using Kismet or similar tools to detect any future rogue APs.

Reporting:

• Create a Detailed Report: Include the findings from the scans, describe the steps taken for detection and mitigation, and provide recommendations for improving network security.
• Communicate to Stakeholders: Present the report to relevant stakeholders, such as IT management or security teams. Discuss the potential impacts of rogue APs and the importance of regular monitoring.

Tools Used in the Wireless Rogue Access Point Detection Project

1. Hostapd

Purpose: Hostapd (Host Access Point Daemon) is used to set up a rogue access point.

Features:

• Allows any Wi-Fi adapter with appropriate driver support to act as an access point.
• Supports a variety of wireless security mechanisms, including WPA/WPA2.

Installation and Usage:

• Install using: sudo apt-get install hostapd
• Configure by creating a configuration file (e.g., hostapd.conf).
• Start the access point with: sudo hostapd hostapd.conf

Example Configuration (hostapd.conf):

interface=wlan0

driver=nl80211

ssid=RogueAP

hw_mode=g

channel=6

makefile
interface=wlan0 driver=nl80211 ssid=RogueAP hw_mode=g channel=6        

2. Kismet

Purpose: Kismet is a powerful wireless network and device detector, sniffer, and intrusion detection system.

Features:

• Captures wireless traffic.
• Identifies and maps wireless networks and devices.
• Can detect hidden SSIDs and sniff wireless packets.
• Compatible with a wide range of wireless hardware.

Installation and Usage:

• Install using: sudo apt-get install kismet
• Start Kismet by running: sudo kismet

Usage Instructions:

• Prepare Wireless Adapter:

sudo ifconfig wlan0 down

sudo iwconfig wlan0 mode monitor

sudo ifconfig wlan0 up

• Run Kismet: sudo kismet

Analyze Data:

• Kismet’s GUI will show detected networks.
• Look for unauthorized SSIDs and analyze their details.

3. NetStumbler

Purpose: NetStumbler is a Windows tool that facilitates the detection of wireless networks.

Features:

• Detects wireless LANs using 802.11b, 802.11a, and 802.11g.
• Provides information on network signal strength, SSIDs, and MAC addresses.
• Useful for wardriving, verifying network configurations, and detecting rogue access points.

Installation and Usage:

• Download and install it from the official NetStumbler website.
• Open NetStumbler and it will automatically start scanning for wireless networks.

Usage Instructions:

• Run NetStumbler: Upon opening, NetStumbler will begin scanning and displaying wireless networks in the area.

Analyze Data:

• Use the interface to view detected networks.
• Identify unauthorized or unexpected SSIDs and MAC addresses.

4. Wireshark (Optional)

Purpose: Wireshark is a network protocol analyzer that can capture and display the data traveling back and forth on a network in real time.

Features:

• Captures packets in real time and displays them with detailed protocol information.
• Useful for analyzing network traffic and troubleshooting network issues.
• It can be used to examine the details of the wireless traffic captured by tools like Kismet.

Installation and Usage:

• Install using: sudo apt-get install wireshark
• Run Wireshark and select the wireless network interface to start capturing packets.

Usage Instructions:

• Prepare Wireless Adapter:

sudo ifconfig wlan0 down

sudo iwconfig wlan0 mode monitor

sudo ifconfig wlan0 up

• Run Wireshark: sudo wireshark

Start Capture:

• Select the wireless interface and start capturing.

Analyze Packets:

• Look for suspicious or unexpected traffic patterns.

Conclusion

The Wireless Rogue Access Point Detection project highlights the critical importance of network security in an era where wireless connectivity is ubiquitous. By setting up and detecting rogue APs using tools like Kismet, NetStumbler, and Wireshark, this project demonstrates practical methods for identifying and mitigating potential security threats.