OpenWIPS-ng – Open Source and Modular Wireless IPS (Intrusion Prevention System)

OpenWIPS-ng is an open source project WIDS/WIPS by Thomas d’Otreppe, the author of Aircrack-ng. The idea started from a project where Thomas came up with a way to monitor all the 2.4 channels using multiple cards and he continued expanding on idea for detection and also prevention since the cards used supported injection. For those familiar with Aircrack-ng, you probably understand how the capabilities of Aircrack-ng can be utilized for a WIPS solution.

The hope is that OpenWIPS-ng will be an alternative to commercial WIDS/WIPS solutions that usually cost over $10k for a server and hand full of sensors. The solution is modeled after the architecture of the commercial systems but will rely on commodity hardware for sensors, servers and leverage the capabilities of Aircrack-ng for scanning, detecting, and injection.

OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts:

Sensor(s): “Dumb” devices who capture the wireless traffic and send it to the server for analysis. Also responds to attacks.
Server: Aggregates the data from all sensors, analyze it and respond to attacks. It also logs and alert in case of an attack.
Interface: GUI to manage the server and display informations about the threats on your wireless network(s).

Great video from Derbycon presentation introducing OpenWIPS-ng.

My favorite quote form the video is about wireless denial of service (DOS) attacks…”vendors say they can stop it, that is bullsh*t”. The author of OpenWIPS-ng recommends a “hardware add-on” that can stop DOS…as baseball bat…haha.

Download OpenWIPS-ng Beta

Version 0.1 beta 1 can be downloaded from project page. Current the solution has below.

- Contains the sensor and server
- Detect attacks
- Attack detection plugins:
**Deauthentication detection
**Fragmentation detection
**Information Element check
- Frame check plugins:
** FromDS and ToDS bit check
** Frame subtype check
** Protocol version check
- Logging to a file or to syslog

Cloud WiFi Scanning Solution/WIDS

Looking forward to next version of OpenWIPS-ng. It is a big challenge since commercial versions are very mature and have addressed many of the challenges related to scaling a WIDS/WIPS solution.

The one area that all existing solutions have not been able do, is reduce the effort and cost of installing sensors. This is what we have done with our cloud WiFi scanning/WIDS solution at http://wlancontroller.com. We are leveraging the existing scanning capabilities of Windows, Mac OS, and Android devices for WiFi scanning/WIDS.

Filed under: Gadgets, WLAN Security | no comments yet, your thoughts are welcome

iBooks Author EULA is Not a Big Deal

iBooks Author is a *FREE* tool for creating and publishing multi-touch books for the iPad.

Per Apple, “now anyone can create stunning iBooks textbooks, cookbooks, history books, picture books, and more for iPad. All you need is an idea and a Mac. Start with one of the Apple-designed templates that feature a wide variety of page layouts. Add your own text and images with drag-and-drop ease. Use Multi-Touch widgets to include interactive photo galleries, movies, Keynote presentations, 3D objects, and more. Preview your book on your iPad at any time. Then submit your finished work to the iBookstore with a few simple steps. And before you know it, you’re a published author.”

Apple has the follow EULA items that some people don’t like.

IMPORTANT NOTE:
If you charge a fee for any book or other work you generate using this software (a “Work”), you may only sell or distribute such Work through Apple (e.g., through the iBookstore) and such distribution will be subject to a separate agreement with Apple.

B. Distribution of your Work. As a condition of this License and provided you are in compliance with its terms, your Work may be distributed as follows:
(i) if your Work is provided for free (at no charge), you may distribute the Work by any available means;
(ii) if your Work is provided for a fee (including as part of any subscription-based product or
service), you may only distribute the Work through Apple and such distribution is subject to the following limitations and conditions: (a) you will be required to enter into a separate written agreement with Apple (or an Apple affiliate or subsidiary) before any commercial distribution of your Work may take place; and (b) Apple may determine for any reason and in its sole discretion not to select your Work for distribution.
Apple will not be responsible for any costs, expenses, damages, losses (including without limitation lost business opportunities or lost profits) or other liabilities you mayincur as a result of your use of this Apple Software, including without limitation the fact that your Work may not be selected for distribution by Apple.

I disagree with what many are saying – Apple is not claiming rights to content but only distribution rights to “Work” created via iBooks if you plan to charge a fee. If authors use exact same content and recreate an ebook, blog post, or publish a paper book using a different tool like MS Word, they are free to do what they want with final “Work” but “iBooks” must be published via iBookstore.

Bottom line, Apple wants their cut if you want to distribute your book via their storefront – iBookstore… Amazon does this and every other for profit business. Software publishers on Apple App Store are familiar with this type of fee structure and restrictions.

I’m OK with above and am willing to agree to EULA to get access to iBookstore. I think this also adds protection for authors and allows Apple to go after future iBookstore copy cats that may start hosting iBooks online. My guess is they will continue to clarify EULA like they have done with App Store and App Store developer guidelines.

Filed under: Gadgets, How To Guides | 1 Comment

USB to Serial Adapter for Mac OS X Lion with Driver

Find a USB to serial adapter that uses the Prolific part number PL2303 chip. I have the Tripp Lite USB to Serial DB9M Adapter (U209-000-R) that sells for $17 on Amazon.

“The PL-2303 USB-to-Serial Bridge Controller is a low cost and high performance single chip solution. It provides a simple and easy way to use bridge/connectivity between the Universal Serial Bus (USB) and Serial Port interface. With the advantage of USB port, users have the capability to utilize the peripheral with serial port interface in an easy-to-use environment such as plug and play & hot swap function.”

PL2303 Mac OS Snow Leopard and Lion Driver

PL-2303 (H, HX, X chip version) Mac OS X Universal Binary Driver v1.4.0 (DMG file format), Prolific Edition For Mac OS X 10.7 Lion and 10.6 Snow Leopard (32-bit and 64-bit kernel)

I didn’t use above but used driver from http://xbsd.nl/2011/07/pl2303-serial-usb-on-osx-lion.html and followed directions from website.

download osx-pl2303.kext.tgz and extract
cd /path/to/osx-pl2303.kext
cp -R osx-pl2303.kext /System/Library/Extensions/
next you need to fix permissions and execute bits:
cd /System/Library/Extensions
sudo chmod -R 755 osx-pl2303.kext
sudo chown -R root:wheel osx-pl2303.kext
cd /System/Library/Extensions
kextload ./osx-pl2303.kext
kextcache -system-cache

Terminal / Console Software

Zterm v1.2 works on Lion.

Other USB to Serial Adapters that Use PL2303

I don’t have access to below items but they use the PL2303 chipset and should work with above drivers.

Plugable USB to RS-232 DB9 Serial Adapter With Prolific PL2303HX Chipset — $11.95 on Amazon

USB to RS232 Serial Adapter Cable DB9 With Prolific PL2303 Chipset — $3.24 on Amazon

Syba SY-ADA15006 USB A Male to Serial Cable DB9 (RS232) — $9.97 on Amazon

ATEN USB to PDA/Serial (DB9) Adapter w/ PC & Mac Drivers UC232A — $24.20 on Amazon

Will add more as I learn about Adapters that use PL2303 chipset.

Filed under: How To Guides | 1 Comment

WiFi Repeater, WiFi Booster or WiFi Extender?

Lots of confusion on the best way to improve WiFi signals for business and residential users. The best answer depends on your goal. Do you need a few more signal bars, better throughput, or serve more clients. The best solution to address your needs will depend on below.

1) Are you able to run a network cable to location with a weak signal?
2) Do you have access to power outlet near location with weak signal?
3) What is your budget?

Post a comment with your exact issue and we’ll reply with possible options.

Low Budget Solutions

Try low budget solutions below first before spending money on additional hardware.

Aluminium Can Signal Booster

more info on thechive.com

Aluminium Foil Signal Booster

photo and solution by @wifi_guy

Filed under: How To Guides, WLAN Deployment | 3 Comments

What The Karate Kid Can Teach You About Becoming a WLAN Pro

The Karate Kid movie came out in 1984 and starred Ralph Macchio and Pat Morita. IMDB summarizes the movie as “handyman/martial arts master agrees to teach a bullied boy karate and shows him that there is more to the martial art than fighting.” The main character Daniel LaRusso – aka Daniel-san is taught how to fight by Mr. Miyagi and by end of the movie wins the local karate tournament and the respect of the bullies.

Believe it or not the movie can teach us many lessons on how to master WiFi. Below are some of the lessons and how they relate to becoming a WLAN Pro.

Get Mentored by Pros: Daniel knew some karate from a book he read and from lessons at the local YMCA but he never had professional training until he started working with Mr. Miyagi.

Get access to professional training from others who have mastered WiFi. If you don’t have access to professional training, start leveraging the Internet for information and advice. You can follow some of the best WiFi minds on Twitter at no cost.

Master the Fundamentals: Mr. Miyagi has Daniel waxing cars, sanding deck floors, and painting his fence. Daniel thinks that Mr. Miyagi is using him for free labor but in reality he has been learning the fundamentals needed for karate the entire time.

There are no secrets to 802.11. All the information you need about the standard and amendments are very well documented but the fundamentals skills needed to make use of the technology are not always easy to master. Some items are labor intensive and not exciting but once mastered will help with project management, technical and security aspects of projects.

- Physical Surveying
- RF Surveying
- Cabling
- Post Site Surveying
- Client Troubleshooting
- 802.11 Frame Analysis
- Bill of Materials (BOM) Creation
- Installing Access Points
- Racking/Stacking Equipment
- L2/L3 Networking

Never Give Up, Think Big: Daniel overcame injury in the tournament and won fights against several Cobra Kai fighters to reach the finals. But his goal was bigger than that..he wanted to win the tournament.

When times are tough and it seems like you’ll never get the job, pass the certification test or figure out the technical issues, continue pushing and learning more and lean on friends and family to get you through.

Help Others: Mr. Miyagi comes to the aid of Johnny, the Cobra Kai fighter Daniel just beat for the championship trophy, even though he was one of the bullies that caused so much trouble for Daniel.

The lesson here is that once you reach your goal give back and help others.

Filed under: Careers | Comments Off

How to Tell a WLAN Pro from a WLAN Joe

WiFi / wireless LAN networking has become complex enough that for a good size network (200+ access points, 5+ locations, 500+ clients) a full time WLAN Pro on staff or through a consulting firm is recommended.

Telling the difference between a WLAN Pro from a WLAN Joe is not easy, especially if you are not a WLAN Pro yourself. It is similar to hiring a good software developer if you aren’t a developer or a sales leader if you have never been a sales professional.

Below are several areas of experience and knowledge that should to be considered when determining if a candidate for hire is a WLAN Pro or a WLAN Joe.

This list can also be used to help guide your career if you want to become a WLAN Pro.

1. RF Surveying: Ask how many square feet have they RF surveyed using professional grade software like AM, Ekahau, or TamoSoft? If they have never heard of AM, Ekahau or TamoSoft…..WLAN Joe!

   This is tough one…there are many WLAN Pros who have designed, secured and managed complex networks that have never RF surveyed, only surveyed a few thousand square feet or have only used predictive survey software.

   RF surveying is a skill that every WLAN Pro should have. At the minimum a WLAN Pro will know when a RF survey is needed and how to perform survey for different types of environments (warehouses, hospitals, old construction, outdoors, etc).

   If I had to give a number, I would say anyone that hasn’t RF surveyed more than 6 million indoor square feet in their lifetime is a WLAN Joe.

2. Enterprise Equipment: This is one of the biggest tells. If they only have experience with SOHO gear (Linksys, Netgear, D-Link, etc.) they are a WLAN Joe.

   A few years ago getting access to enterprise gear was costly but as companies move to 802.11n, the cost of used and excess inventory of 802.11 a/b/g equipment has come down. In many cases you can find enterprise class WLAN controllers and access point kits for less than $250.

   There could be many valid reasons why a candidate doesn’t have hands on time with enterprise gear..but no grey area here…no enterprise gear experience, not a WLAN Pro.

3. Direct Experience: Having 10 of years of experience in networking is not the same as even one year direct experience with 802.11. There are many rock star networking professionals out there but without direct experience implementing WLANs they are probably a WLAN Joe.

   Below are several experts in their field who are not automatically WLAN Pros.

   • CCIE R&S does not equal CCIE Wireless
   • 30 Years of radio engineering experience does not equal 802.11 expertise
   • A CISSP will help with understanding WiFi security issues but does not equal 802.11 expertise
4. Relevant Experience: For this topic relevant means equal to in size and scope. WiFi networks come in many sizes and are implemented for different purposes. For example, a 5000 room hotel has different requirements than a 5 million square foot warehouse or a thousand 5000 square foot retail store chain. All will require access points and proper wifi coverage but the details of security, management, performance will vary. Confirm the candidate has the experience in terms of size and scope to your project requirements.
5. 802.11 L1/L2 Knowledge: Expertise is not needed but solid foundation of 802.11 L1/L2 is the difference between a WLAN Pro and WLAN Joe.

   In home networks, clients just work even with SOHO gear. In an enterprise network there are so many possible issues that you really have to be confident that the RF is not the issue before starting to troubleshoot DHCP, DNS, client hardware, security settings, and the end user.

6. Certifications: Vendor certifications or vendor neutral certifications (CWNP) don’t guarantee anything but do demonstrate that the candidate is serious enough about their profession to know what certifications exist and they made the effort to get certified.

   If the candidate has no WLAN focused certifications or has never heard of any wireless vendor certifications or the CWNP, they are a WLAN Joe.

If the candidate doesn’t meet any or some of the above items, I recommend they be considered for less WiFi focused portions of the project such as cabling, AP installation, racking/stacking equipment, configuration/staging, project management, and post install support.

From WLAN Joe to WLAN Pro

It doesn’t take 10 years to go from a WLAN Joe to a WLAN Pro. With the right type of WLAN project experience and dedication to learning about 802.11 someone with solid networking experience can become a WLAN Pro in about a year.

Anything missing from above list? If so, let me know via Twitter @WLANBook.

Note: There is nothing wrong with being a WLAN Joe, everybody has to start somewhere…based on criteria above…I’m a WLAN Joe!

Filed under: Careers, WLAN Design | Comments Off

History of Wireless LAN Vendors – Ubiquiti Networks

On October 14, 2011, Ubiquiti went public and as of January 13, 2012, UBNT’s market cap is over $2 BILLION and looks like it is trending up.

Per a Forbes.com article “in the 12 months ended Sept. 30, 2011, Ubiquiti netted $64 million on $243 million in sales. That 26% net margin is the highest of any publicly traded computer hardware firm, according to FactSet Research Systems.”

Some other nuggets from article.

- Nearly 70% of Ubiquiti’s top line comes from developing countries like Brazil, Indonesia and the Czech Republic, often in spots where there are simply no cables in the ground

- Ubiquiti has no direct sales force and operates globally using resellers

- Ubiquiti makes systems that provide Internet access for as few as ten people within a 9-mile radius, to 10,000 customers (or more) within a 36-mile radius.

- Motorola’s former Canopy unit (now called Cambium Networks) charges $2 million to $4 million for a system with 10,000 subscribers; Ubiquiti’s equivalent system goes for $1.65 million.

History of Ubiquiti Networks

Wikipedia says that “Ubiquiti Networks formally entered the wireless technology market in June 2005, after announcing its “Super Range” mini-PCI radio card series”. Not sure what “formally” means but below is Ubiquiti Networks’ website front page from March 22, 2004 which seems to indicate that they already were public with info about the Super Range and AP-ONE products.

2006

Early on, Ubiquiti Networks was best known for their Super Range internal WiFi cards for embedded systems. A quick trip down memory lane of their 2006 product line is below.

Embedded Mini-PCI

Super Range 2 – 2.4 GHz Band Card

Super Range 3 – 3.5 GHz Licensed Band Card

Super Range 4 – 4.9 GHz Public Safety Band Card

Super Range 5 – 5 GHz 802.11a Card

Super Range 9 – 900-928 MHz Unlicensed Band Card

Portable Cardbus Adapters
Super Range Cardbus – one of the best 802.11 a/b/g cardbus cards. Still have one in my desk drawer. Waiting for cardbus PC Card slots come back to laptops (sigh).

Mesh Basestation

AP-One

The AP-ONE was pushed as a high powered mesh AP with very sensitive radios. Back then city wide WiFi network builders were looking for ways to reduce the number of access points needed to cover large areas vendors were pushing high power radios as solution.

“The AP-ONE can instantly create ubiqutious, scalable Wi-Fi networks. Featuring world class output power (1 Watt, 30dBm) and 802.11 receive sensitivity (-98 dBm), the AP-ONE is powerful enough to penetrate walls. Additionally, an independent 1 Watt 108 Mbps 5.8 GHz radio provides a fast and clean backhaul connection to create powerful mesh networks.”

Subscriber Station

LiteStation 2

2008

Around 2006, I stopped tracking Ubiquiti Networks. Not sure why but most likely because enterprise players like Cisco and startups like Airespace, Aruba Networks, and Trapeze were getting all the press. While these vendors fought for who had the most enterprise market share according to Dell’Oro and who was in Gartner’s Magic Quadrant, Ubiquiti Networks continued to add products that addressed the needs of Wireless Internet Service Providers (WISPs) in emerging markets.

By 2008 they had four additional products lines.

The Bullet – Allows any antenna to become a radio system starting at $39.

NanoStation loco – A low cost wireless CPE device that started at $49.

PicoStation – A small form factor access point.

RouterStation – An embedded single board computer that was compatible with Ubiquiti cards.

Ubiquiti SR71 Series

Ubiquiti’s high performance wireless-cards based on an Atheros AR9160 which supports 802.11a/b/g/n.

SR71-E

MiniPCI Express

SR71-A

MiniPCI (not express); 2,4GHz & 5,4GHz; 3 Antenna Connectors (3×3 MIMO); 24dBm, +/-2dB

SR71-2

MiniPCI (not express); only 2,4GHz (b/g/n); 2 Antenna Connectors (2×2 MIMO); 27dBm, +/-2dB

SR71-5

MiniPCI (not express); only 5,4GHz (a/n); 2 Antenna Connectors (2×2 MIMO); 27dBm, +/-2dB

SR71-C

Cardbus; 2,4GHz & 5,4GHz; 2 Antenna Connectors (2×2 MIMO); 24dBm, +/-2dB

SR71USB

USB; 2,4GHz & 5,4GHz; 2 Antenna Connectors (2×2 MIMO); 24dBm, +/-2dB

SR71 Express Card

2010

By early 2010 Ubiquiti Networks started marketing the AirMax product line, a full range wireless ISP solution as a lower cost alternative to products big name telecom equipment vendors were offering.

UniFi WNMS and Access Points

Towards the end of 2010, Ubiquiti released a wireless network management system (WNMS) and access points as their UniFi product line.

“Unlike traditional enterprise WiFi systems utilizing a hardware WiFi Switch, Unifi uses a virtual client/server application that requires zero cost and no additional hardware.”

UniFi Indoor and Outdoor APs

UniFi AP Mini

UniFi AP

UniFi AP Long Range

UniFi AP Outdoor

2011

In August 2011, Ubiquiti announced the AirVision IP Camera/Network Video Recorder Management System and airCam, airCam Dome, airCam Mini cameras.

Filed under: WLAN/WiFi News | Comments Off

Why Did Apple Ban iPhone / iPad WiFi Scanning Apps?

Official Answer: Because there are “no published APIs that provide the ability to manipulate the wireless connection or the show level of information regarding the wireless connection”.

English Translation: Apple has not documented a way for developers to collect RSSI, Noise, Channel, and other information usually displayed by WiFi Scanners.

iOS 4 WiFi Scanner Apps

WiFI Scanner apps that were on the app store prior to the ban in 2010 most likely used methods documented by the folks who created an app called Stumbler.

Stumbler iPhone WiFi Scanner App

Info from Stumbler / “iphone-wireless” website below.

Stumbler lets you view the wireless networks in your area. While right now Stumbler only handles 802.11 networks, soon you should see Bluetooth and GSM capabilities as well. Stumbler is still in a early Alpha stage, but it is fully functional, and pretty stable.

Planned Features
Auto Scanning
Manufacturer detection
Logging
A-GPS
Raw 802.11 packet capture (monitor mode)

Screenshot of Alpha Version of Stumbler App

iOS 5 Broke WiFi Scanner Apps that Worked on iOS 4

In iOS 5 a few items changed causing apps that worked on iOS 4 to stop working. The developer community was able to make changes to get their apps working again but iOS 5 scanning feature only works on jailbroken devices.

My fear is that Apple doesn’t want others (ahem..Google) using their large iPhone/iOS user base to create/improve their WiFi position database that would compete with Apple’s WiFi location database so they are in no rush to provide this capability. Or it could just be that they have many more important features that need attention.

My hope is that Apple will provide a documented way to get needed information on iOS like they have done on Mac OS.

Filed under: WLAN Tools | 2 Comments

USNAP – Utility Smart Network Access Port Alliance

The USNAP Alliance is similar to the Wi-Fi Alliance for “Smart Grid” solutions.

“The mission of the Utility Smart Network Access Port (USNAP) Alliance is to create a protocol independent serial interface standard that enables any HAN (Home Area Network) standard, present and future, to use any vendor’s Smart Meter as a gateway into the home, without adding additional hardware in the Smart Meter. The USNAP Alliance fosters collaboration and education among utilities, AMI suppliers, HAN venders, industry consultants, academics and regulators who seek interoperable, secure and cost effective solutions for extending the Smart Grid to energy aware consumer products.

USNAP Port

“The term USNAP is an acronym for Universal Smart Network Access Port, a simple, yet cost effective solution that enables any HAN (Home Area Network) standard, present and future, to smart meters, energy gateways or other devices within the home. By providing industry with a protocol independent serial interface, it is possible to extend the Smart Grid directly to energy aware consumer products.”

USNAP enables smart appliances and devices.

USNAP WiFi Module in WiFi Thermostats

If you read my previous post about WiFi Thermostats and have seen the 3M Filtrete Thermostat’s at Home Depot you may have noticed that the WiFi capability was via a WiFI USNAP module. The thermostat can accommodate a second USNAP module that could someday be linked to a smart meter via ZigBee or WiFi to maximize energy savings.

Filed under: Gadgets, WLAN Tools | Comments Off

How Android and iOS Can Protect Users from WiFi Protected Setup (WPS)

Wi-Fi Alliance’s Wi-Fi Protected Setup specification describes how a wireless device can be automatically configured with wireless network security settings. The goal was to make it easier for non techies to configure devices to securely connect to wireless routers. On Dec 27, 2011 the US-CERT released Vulnerability Note VU#723755 outlining that the WiFi Protected Setup (WPS) PIN is susceptible to a brute force attack.

Getting the word out to the people most impacted by this vulnerability is not easy. Non-techies don’t track alerts from US-CERT or read techie blogs and may never know that their device has WPS enabled (talking to you Mom).

This is where Google and Apple can help by updating iOS and Android with core functionality that detects WPS.

If the device the user is connected to has WPS enabled iOS or Android would alert the user and direct them to a web page with more info about issue and what they can do.

Filed under: WLAN Security, WLAN Tools | Comments Off