Presented at
DEF CON 16 (2008),
Aug. 9, 2008, 10 a.m.
(50 minutes).
Although it's not something new at all, network administrators are still facing (and having to deal) with old problems and threats. One of these problems is to be able to detect rogue and/or fake access points in their networks and surroundings. The current solutions available are mostly commercial and/or proprietary, but we haven't seen yet any open-source tool that implements specifically WIDS capabilities. We would like to introduce to DefCon: Beholder. The talk will include a brief introduction on the general state of the commercial WIDS tools and evolution of wireless attacks, and will be mostly focused on the Beholder project. Beholder is an C language opensource tool available (for now) for linux platforms, and it can be used for any available 802.11 technology a nic card may support, and it isn't driver dependent, run in all available linux wifi drivers. The tool does some, of course, some basic network scanning, but also implements some simple (but cool) stuff, that some of the commercial tools don't have. The presentation will cover details about that tool, future features, scenarios to be implemented, examples, and a demo (yep, demo at DefCon) of malicious AP/tools in action and how beholder can be used to detect it.
Presenters:
-
Nelson Murilo
- Security Researcher
Nelson Murilo has been a Network Security Analyst since 1992. He is the author of two network security books in Portuguese, regular contributor of the Brazilian Computer Emergency Response Team security guides and technical papers and a regular speaker at security conferences in Brazil and abroad. Nelson is the author and co-author of open source security tools such as:
* chkrootkit - locally checks for the presence of a rootkit
* Btsearch - tool developed to find bluetooth hidden devices
Luiz 'effffn' Eduardo has over 15 years of experience working with network security, and, for the past 6 years has been mostly dedicated to wireless security, protocol fuzzing and computer incident response. He is somewhat known in the scene for planning, implementing and supporting wireless networks in security conferences, like DefCon, BlackHat, Computer Chaos Congress, Shmoocon, Layerone, etc. He's one of DefCon networking team goons and has spoken previously at Shmoocon, DefCon, Toorcon, Hack in the Box Malaysia and other cons. Luiz currently holds the following certifications: CISSP, CWNE, CEH, GCIH and GISP, and has probably being able to get them due to long flights around the globe and flight delays in airports (thanks, United!)
Both Nelson and Luiz are some of the organizers of the conference: you sh0t the sheriff, which takes place in in Sao Paulo, Brazil.
-
Luiz Eduardo / effffn
- Security Researcher
as Luiz 'effffn' Eduardo
Nelson Murilo has been a Network Security Analyst since 1992. He is the author of two network security books in Portuguese, regular contributor of the Brazilian Computer Emergency Response Team security guides and technical papers and a regular speaker at security conferences in Brazil and abroad. Nelson is the author and co-author of open source security tools such as:
* chkrootkit - locally checks for the presence of a rootkit
* Btsearch - tool developed to find bluetooth hidden devices
Luiz 'effffn' Eduardo has over 15 years of experience working with network security, and, for the past 6 years has been mostly dedicated to wireless security, protocol fuzzing and computer incident response. He is somewhat known in the scene for planning, implementing and supporting wireless networks in security conferences, like DefCon, BlackHat, Computer Chaos Congress, Shmoocon, Layerone, etc. He's one of DefCon networking team goons and has spoken previously at Shmoocon, DefCon, Toorcon, Hack in the Box Malaysia and other cons. Luiz currently holds the following certifications: CISSP, CWNE, CEH, GCIH and GISP, and has probably being able to get them due to long flights around the globe and flight delays in airports (thanks, United!)
Both Nelson and Luiz are some of the organizers of the conference: you sh0t the sheriff, which takes place in in Sao Paulo, Brazil.
Links:
Similar Presentations: