September 3, 2002

Wireless chaff

Black Alchemy has just released Fake AP, a set of perl scripts that allow a Linux box with 802.11b card to spew out thousands of fake 802.11b beacon frames.  Essentially, this is a wireless form of chaff, a common military defensive weapon that succeeds by fooling an attacker to attack a fake target.

Of course, this may give common tools like AirSnort and NetStumbler a headache, but still does not stop a determined attacker - as long as someone is legitimately using the real AP, their packets (with the correct SSID) will appear in a statistically significant sample of packets. 

Still, it may be a useful part of a multi-tiered security model, as described in my last entry.  It will certainly deflect most script kiddies and other people driving by just cruising for a connection.  But then again, why not just give those guests limited access to your net from the start? Posted by dsifry at September 3, 2002 3:36 PM | TrackBack | View blog reactions