OpenWIPS-ng – Open Source and Modular Wireless IPS (Intrusion Prevention System)

OpenWIPS-ng is an open source WIDS/WIPS project by Thomas d’Otreppe, the author of Aircrack-ng. The idea started from a project where Thomas came up with a way to monitor all the 2.4 GHz channels using multiple cards, and he continued expanding on the idea to cover detection and also prevention, since the cards used supported injection. For those familiar with Aircrack-ng, you probably understand how its capabilities can be utilized for a WIPS solution.

The hope is that OpenWIPS-ng will be an alternative to commercial WIDS/WIPS solutions that usually cost over $10k for a server and a handful of sensors. The solution is modeled after the architecture of the commercial systems but relies on commodity hardware for sensors and servers, and leverages the capabilities of Aircrack-ng for scanning, detection, and injection.

OpenWIPS-ng is an open source and modular Wireless IPS (Intrusion Prevention System). It is composed of three parts:

Sensor(s): “Dumb” devices that capture the wireless traffic and send it to the server for analysis. They also respond to attacks.
Server: Aggregates the data from all sensors, analyzes it, and responds to attacks. It also logs and alerts in case of an attack.
Interface: GUI to manage the server and display information about the threats on your wireless network(s).

Great video from the Derbycon presentation introducing OpenWIPS-ng.

My favorite quote from the video is about wireless denial of service (DOS) attacks…”vendors say they can stop it, that is bullsh*t”. The author of OpenWIPS-ng recommends a “hardware add-on” that can stop DOS…a baseball bat…haha.

Download OpenWIPS-ng Beta

Version 0.1 beta 1 can be downloaded from the project page. Currently the solution has the following features:

– Contains the sensor and server
– Detects attacks
– Attack detection plugins:
** Deauthentication detection
** Fragmentation detection
** Information Element check
– Frame check plugins:
** FromDS and ToDS bit check
** Frame subtype check
** Protocol version check
– Logging to a file or to syslog
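To make the plugin list above concrete, here is an added example (my own code, not part of OpenWIPS-ng) that implements the same kinds of checks a sensor/server pipeline runs over raw 802.11 frames: the protocol version check, the frame subtype check, the FromDS/ToDS bit check, and a simple deauthentication-flood detector. The frames are constructed inline from the standard MAC header layout, so it runs offline without a capture card. The reserved-subtype table is my reading of IEEE 802.11-2016 Table 9-1, and the flood threshold and window are arbitrary demo values; treating frame type 3 as anomalous is a simplification (it is only used by 802.11ad).

```python
"""Toy 802.11 frame sanity checks and deauth-flood detection (constructed example)."""
import struct
from collections import defaultdict, deque

MGMT, CTRL, DATA = 0, 1, 2
SUBTYPE_DEAUTH = 12
# Subtype values that are reserved for each frame type (IEEE 802.11-2016 Table 9-1,
# as read by the author of this example); a frame using one is malformed or forged.
RESERVED_SUBTYPES = {MGMT: {7, 15}, CTRL: {0, 1}, DATA: {13}}

# Constructed addresses for the demo, not real devices.
AP = "00:11:22:33:44:55"
STA = "66:77:88:99:aa:bb"
BCAST = "ff:ff:ff:ff:ff:ff"


def _mac(addr):
    return bytes.fromhex(addr.replace(":", ""))


def build_frame(version, ftype, subtype, addr1, addr2, addr3,
                to_ds=False, from_ds=False, body=b""):
    """Build a 24-byte MAC header (+ optional body); Frame Control is little-endian."""
    fc = version | (ftype << 2) | (subtype << 4)
    fc |= 0x0100 if to_ds else 0      # bit 8 of Frame Control: ToDS
    fc |= 0x0200 if from_ds else 0    # bit 9 of Frame Control: FromDS
    return (struct.pack("<HH", fc, 0)            # Frame Control, Duration/ID
            + _mac(addr1) + _mac(addr2) + _mac(addr3)
            + struct.pack("<H", 0)               # Sequence Control
            + body)


def parse_frame(frame):
    """Decode the Frame Control field and the three header addresses."""
    if len(frame) < 24:
        raise ValueError("frame shorter than a full MAC header")
    fc = struct.unpack_from("<H", frame, 0)[0]
    return {
        "version": fc & 0x3,
        "type": (fc >> 2) & 0x3,
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "addr1": frame[4:10].hex(":"),
        "addr2": frame[10:16].hex(":"),   # transmitter address
        "addr3": frame[16:22].hex(":"),
    }


def frame_checks(hdr):
    """Equivalent of the frame check plugins: return a list of finding labels."""
    findings = []
    if hdr["version"] != 0:               # only protocol version 0 is defined
        findings.append("protocol-version")
    if hdr["type"] == 3:                  # extension type; simplification: flag it
        findings.append("reserved-type")
    elif hdr["subtype"] in RESERVED_SUBTYPES[hdr["type"]]:
        findings.append("reserved-subtype")
    # Only data frames may carry ToDS/FromDS; management and control must have both clear.
    if hdr["type"] in (MGMT, CTRL) and (hdr["to_ds"] or hdr["from_ds"]):
        findings.append("ds-bits-on-non-data")
    return findings


class DeauthFloodDetector:
    """Sliding-window count of deauth frames per claimed transmitter (addr2)."""

    def __init__(self, threshold=10, window_s=1.0):
        self.threshold = threshold
        self.window_s = window_s
        self._seen = defaultdict(deque)   # addr2 -> timestamps within the window

    def observe(self, hdr, ts):
        if hdr["type"] != MGMT or hdr["subtype"] != SUBTYPE_DEAUTH:
            return None
        q = self._seen[hdr["addr2"]]
        q.append(ts)
        while q and ts - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.threshold:
            return f"deauth flood from {hdr['addr2']}: {len(q)} in {self.window_s}s"
        return None


def analyze(frames, detector):
    """frames: iterable of (timestamp, raw_bytes). Returns one report entry per frame."""
    report = []
    for ts, raw in frames:
        hdr = parse_frame(raw)
        report.append({"ts": ts, "checks": frame_checks(hdr),
                       "alert": detector.observe(hdr, ts)})
    return report


def sample_frames():
    """Constructed traffic: a few legitimate frames, three malformed ones, then a deauth burst."""
    frames = [
        (0.00, build_frame(0, MGMT, 8, BCAST, AP, AP)),                    # beacon
        (0.01, build_frame(0, DATA, 0, STA, AP, AP, from_ds=True)),        # AP -> STA data
        (0.02, build_frame(0, MGMT, 4, BCAST, STA, BCAST, to_ds=True)),    # probe req with ToDS set
        (0.03, build_frame(1, DATA, 0, STA, AP, AP, from_ds=True)),        # bogus protocol version
        (0.04, build_frame(0, DATA, 13, STA, AP, AP, from_ds=True)),       # reserved data subtype
    ]
    reason = struct.pack("<H", 7)   # reason code 7 (class 3 frame from non-associated STA)
    for i in range(12):             # 12 broadcast deauths within one second, claiming the AP's address
        frames.append((0.10 + 0.05 * i,
                       build_frame(0, MGMT, SUBTYPE_DEAUTH, BCAST, AP, AP, body=reason)))
    return frames


if __name__ == "__main__":
    for entry in analyze(sample_frames(), DeauthFloodDetector()):
        print(entry)
```

Keying the flood counter on addr2 is deliberate: a spoofed deauth claims the AP's address, so the alert names the impersonated AP rather than the real transmitter, which is exactly the identity a sensor would then use to start responding. A real sensor would add the receive timestamp and RSSI from the radiotap header rather than the constructed timestamps used here.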

Cloud WiFi Scanning Solution/WIDS

Looking forward to the next version of OpenWIPS-ng. It is a big challenge, since commercial versions are very mature and have addressed many of the challenges related to scaling a WIDS/WIPS solution.

The one area that all existing solutions have not been able to address is reducing the effort and cost of installing sensors. This is what we have done with our cloud WiFi scanning/WIDS solution at http://wlancontroller.com. We are leveraging the existing scanning capabilities of Windows, Mac OS, and Android devices for WiFi scanning/WIDS.

