Wireless security: Pringles peril

Tracking down wireless hackers is getting easier, but there are still bugs to work out.

It is surprisingly easy to become a wireless LAN hacker with the prevalence of tools available for free download.

OK, perhaps the term "hacker" is loosely applied here as some of the tools are so easy to drive that you actually need very little real knowledge to be an expensive nuisance. Using some of these tools and calling yourself a hacker is closely akin to calling yourself a master painter when you use paint-by-numbers.

Human ingenuity means that the would-be hacker does not even need to be in your immediate vicinity: the original Pringles Can shotgun antenna is a wonderful example, featuring a gain of 12 to 15dB -- with a clear line of site you can be quite a few kilometers away from your target WLAN. There are of course improvements on this design and I found one enterprising Tim the Tool Man who managed to mount a small USB WLAN dongle in a stainless steel 30cm diameter Chinese noodle strainer to build himself a pretty sweet high-gain dish antenna.

So I guess with one of these sniffing out your network it would be a bit much to expect that AirDefense or AirMagnet's rogue location tracking would accurately pin them down. We did have some interesting problems with both products during testing at the Lab for our review. As I noted in the article, our Lab is not very friendly towards radio signals, we actually carry out our wireless range testing outside of the Lab. Even mobile phones are a disaster inside the Lab, all the metal in the walls, roof, lift, and metallised tinted windows doesn't let a whole lot of signal through.

So in truth when we began the testing we wondered how the location tracking was going to fare with all the internal reflections bouncing around the Lab. At the end of the day our money was on the product that had the most rigorous calibration method -- this would hopefully go some way towards compensating for the reflections. Before I go on I should state that we have no doubt that in a typical office environment the products tested should prove to be quite accurate.

AirMagnet has no real calibration to speak of: you simply load the floor plan and draw rectangles in three different colours on the plan to represent open space, low-density offices and high density offices. This of course allows the software to work out signal propagation characteristics for the different areas. We did play around with this feature on our floor plan but were not able to significantly improve the accuracy of the software.

AirDefense on the other hand allows for quite detailed calibration runs. To calibrate your system you simply draw the calibration points on the floor plan and then run the calibration software on a notebook computer, stopping and running the short calibration routine at each of the points on the floor plan. Once the data is crunched (in theory at least) the location tracking software should be able to take a reasonable stab at locating rogues, particularly if they are located near the calibration points.

As the system plots the location of a designated rogue it draws multi-coloured probability curves about the rogue -- all very pretty to watch because sadly the software had decided the stationary AP was mobile and surprisingly energetic. The location dot and coloured probability curves ended were running up and down the Lab. Admittedly this was without processing and if you bother to monitor the signal strength of any AP it tends to vary significantly. Check out the article for more information.

Steven Turvey is Lab Manager for the independent testing performed for Technology & Business magazine. Send feedback to tandb@zdnet.com.au.

This article was first published in Technology & Business magazine.
Click here for subscription information.