From: Moser Max (MMoser@3gmobile.ch)
Date: Tue Aug 06 2002 - 04:32:08 EDT
Hi there once again :-)
After we did develop the Wireless-scanner "Wellenreiter"
(http://www.remote-exploit.org,
the team remote-exploit.org found some difficulties in Implementing all
the desired features
and did think about a more modular way to do it. We also found out that
a good Engine could be
used for much more than simply for scanning.
Please give us your ideas an feedback or advices if you have any. Below
is the first idea
text i did for the airwrecker.
P.S. We also search some perl developers that can do networkporgramming
for that projet.
I allready start to write the Basic probe module.
Greetings
Max Moser
-------------------------------------------------------------
Airwrecker -- A multi purpose wireless tool
--------------------------------------------------------------
The idea:
The airwrecker is a flexible and extensible wireless tool. It is
something between
Wellenreiter/Kismet, Snort, Airsnort and Ethereal. Airwrecker is
designed as a client
server architecture. Each functionality consists of its own server,
which does its own job well.
Modules of which Airwrecker should consist of:
Airprobe:
This is a simple sniffer, modelled on the lines of tcpdump. It must have
the following features:
- Packet verifier (validate the checksum of the packet)
- A bpf filter (or other type of filtering support).
- A packet redirector (send to file/other NIC/reporting GUI)
Desirable features:
- Support for all wireless rfmon able cards.
- Multicast support.
- Report to multiple clients
GUI/viewer:
-This is a reporting module independent of the packet capturing module.
It should be possible for
the viewer to be supporting multiple reporting probes, and for it to be
a console app, or a X app.
WEP module:
- This module will be designed specifically to crack WEP packets.
String matcher:
- This is a simple pattern matcher. It is designed to be used like
dsniff or ngrep, looking for
specific patterns in the cleartext sent to it. It is not required to
support binary data, but
only plain text.
IDS module:
- This is an advanced version of the string matcher, and should be able
to handle complex regular
expressions, and binary data. So it should act like an intrusion
detection system.
Alerting:
- This module generates alerts for the user. Both the string watcher and
IDS modules report to
this module, which should be configurable to report via syslog, mail,
viewer. This module is
separate because it is complex.
Others:
- Possible other modules are ones for locating a transmitter via
triangulation for MAC addresses.
The base architecture is designed to be easily extensible and other
developers should not have
a problem with extending airwrecker.
Please let me know what you think about that and ideas for other
modules.
Greetings Max
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT