Wireless Security

Some notes and links that I've compiled on wireless security. Most of them deal with finding rogue access points, and other esoteric aspects of wireless security.

Cards that do monitor mode in Linux

If you're hunting out rogue access points, you'll want a wireless card that handles monitor mode, so you can find hidden networks. Most cards running Windows drivers under NDisWrapper don't do this.

Some that are known to work: AirDump.net list of cards

• Belkin F5D7050 - USB, 802.11g
• Belkin F5D7050 (EF,ES), D-Link DWL-G122, Edimax EW7318 (UG,USg) $30 Linksys WUSB54 (GC,GR) rt2570 (with external antenna) - USB, 802.11b/g

Finding rogue access points

Manually (i.e. walking around or searching the wire)

• Tech World - Find wireless rogues without sensors (2005)
• [1]
• TuxMobil - Wireless LAN Sniffers
• Elixar AirTraf
• the ubiquitous kismet
• Wellenreiter

Autonomously (i.e. sensor nets)

• IBM Distributed Wireless Security Auditor

Spectrum Analysis

• MetaGeek.net - the WiSpy $200-$400
• MiniSA - currently Windows-only
• CircuitCellar - home built 2.4GHz spectrum analyzer
• another DIY 2.4GHz spectrum analyzer for under $50.
• interesting CMU undergraduate thesis on spectrum analysis of a wireless network