Study of Honeypots: analysis of WiFi_Honeypots and Honeypots tools.
A wireless local area network (WLAN) links two or more devices using a wireless distribution method (typically spread-spectrum or OFDM radio) and usually provides a connection through an access point to the wider Internet. An Evil Twin hotspot is a Wi-Fi access point set up by a hacker or cybercriminal. Such a hotspot provides free Wi-Fi access to its clients. Hackers and cybercriminals create Evil Twin hotspots to steal passwords or cookies. As an analogy, a laptop battery charger from LG is not the same as one from Dell or another company; there may be some variations. Likewise, the signal strengths of fake APs and genuine APs may be different. The Evil Twin hotspot owner may attempt to boost his or her hotspot's signal strength so that it overpowers the legitimate one. Airsnarf is a simple rogue wireless access point setup utility designed to demonstrate how a rogue AP can steal usernames and passwords from public wireless hotspots. Our work is to prevent session hijacking from a fake access point. A session hijacking attack can generally be performed by using honeypots. A wireless IDS (WIDS) sniffs the surrounding air traffic for suspicious activities such as WEP/WPA/WPS attack packets.
A honeypot cannot prevent a particular intrusion or the spread of a virus or worm. It collects information and detects attack patterns. It is a tool for collecting evidence and gaining as much knowledge as possible, especially about attack patterns. With a Fake_AP, hackers create a trap to steal or sniff secret information such as passwords and other valuable information. A honeypot mimics a web server to trap hackers. A honeypot is a trap set to detect attempts at unauthorized access to a system. It captures and collects all of a hacker's attempts, catches hackers while they are in the network, and redirects them to the honeypot system. It can be a good choice for information gathering. Honeypots are classified into two types: production and research honeypots. Based on interaction level, honeypots are classified into three types: high, medium and low interaction. To gain network access, hackers have two options: brute force and password guessing. Some hackers use honeypots to sniff SSIDs in order to conduct SSID spoofing. The main aim of a Rogue_AP is to conduct a MiM attack and sniff wireless network traffic. Instead of guessing passwords, hackers sniff them from the information exchange.
Session Hijacking Scenario:
User : Arun
Uses a web browser
"Hello server, this is my user name and password".
Is this correct?
Facebook server: if (user == valid)
Send message with one session id:
valid user + unique session id
Intruder collected all data for future use within the session.
Signs of honeypots:
Unusual services and open ports that are meant to attract attackers may indicate a trap or honeypot. A lot of free space on the hard drive may indicate a honeypot. Directories with names such as "Credit_card_numbers", "admin_password", "social security number" etc. may also indicate a honeypot.
Hemanshu et al. (2013) proposed that the beacon frames generated by an access point depend on the quality of the access point, and that the beacon frames received by the legitimate user also vary according to the climatic conditions. The authors fixed a threshold number of beacon frames received by the receiver according to the climatic conditions and on the basis of the access point's quality. If the number of received beacon signals in fixed time slot will be less than the threshold value. The received number of beacon signals also varies according to the climatic conditions and the quality of the access point, and the threshold value varies accordingly. Fake access points act as honeypots and are used to gather network information. If fake access points that work like a honeypot are detected, session hijacking can be prevented.
Taebeom et al. (2012) proposed a novel client-side fake AP detection method to solve the aforementioned problems. The method leverages received signal strengths (RSSs) and an online detection algorithm. They analyzed it with fixed and optimal threshold values. With an assumed fixed threshold value of 2, they found that the true positive rate was over 99% and the false positive rate was less than 0.1% in three observations.
Hao Han et al. (2011) proposed a practical detection scheme based on the comparison of Received Signal Strength (RSS) to prevent users from connecting to rogue APs. The basic idea of their solution is to force APs (both legitimate and fake) to report their GPS locations and transmission powers in beacons. Based on this information, users can validate whether the measured RSS matches the value estimated from the AP's location, its transmission power, and the user's own GPS location. A rogue AP is a malicious AP that pretends to be a legitimate AP to induce users to connect. In a vehicular network, rogue APs can be classified into two categories: static and mobile. A vehicular rogue AP is assumed to be launched in a car with two wireless interfaces. The first interface pretends to be a valid AP, and the other interface is used to connect to the Internet. The GPS location indicates the AP's coordinates in the form of a latitude-longitude pair.
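The RSS consistency check described for Hao Han et al. can be sketched as follows. This is an added example, not code from the paper: it assumes a log-distance path-loss model with illustrative parameters (40 dB loss at 1 m, exponent 3.0, 10 dB tolerance), and the beacon fields and coordinates are constructed.

```python
import math

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two latitude-longitude pairs."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def expected_rss_dbm(tx_power_dbm, distance_m, ref_loss_db=40.0, path_loss_exp=3.0):
    """Assumed log-distance model: RSS = Ptx - L(1 m) - 10 * n * log10(d)."""
    d = max(distance_m, 1.0)  # clamp so log10 stays defined right next to the AP
    return tx_power_dbm - ref_loss_db - 10.0 * path_loss_exp * math.log10(d)


def check_beacon(beacon, client_lat, client_lon, tolerance_db=10.0):
    """Compare the measured RSS with the value implied by the beacon's own claims."""
    dist = haversine_m(client_lat, client_lon, beacon["lat"], beacon["lon"])
    expected = expected_rss_dbm(beacon["tx_power_dbm"], dist)
    deviation = beacon["measured_rss_dbm"] - expected
    return {
        "label": beacon["label"],
        "distance_m": round(dist, 1),
        "expected_rss_dbm": round(expected, 1),
        "deviation_db": round(deviation, 1),
        "suspicious": abs(deviation) > tolerance_db,
    }


# Constructed sample: the client's own GPS fix and two beacons that carry the
# same BSSID, location and transmission power. The second one is a copy of the
# first sent by a transmitter that is really much closer, so it arrives far
# stronger than the claimed 50 m distance allows.
CLIENT = (9.92520, 78.11980)
BEACONS = [
    {"label": "legitimate AP", "bssid": "02:00:00:00:00:01",
     "lat": 9.92565, "lon": 78.11980, "tx_power_dbm": 20.0,
     "measured_rss_dbm": -72.0},
    {"label": "copied beacon", "bssid": "02:00:00:00:00:01",
     "lat": 9.92565, "lon": 78.11980, "tx_power_dbm": 20.0,
     "measured_rss_dbm": -45.0},
]

if __name__ == "__main__":
    for b in BEACONS:
        print(check_beacon(b, *CLIENT))
```
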
Keijo Haataja et al. (2011) proposed two new Man-In-The-Middle (MITM) attacks on Bluetooth Secure Simple Pairing (SSP). Bluetooth is a technology for short-range wireless data and real-time two-way audio/video transfer, providing data rates up to 24 Mb/s. Bluetooth devices that communicate with each other form a piconet. The device that initiates a connection is the piconet master and all other devices within that piconet are slaves. The security levels are classified as Silent (the device will never accept any connections), Private (the device cannot be discovered, i.e. it is a so-called non-discoverable device) and Public (the device can be both discovered and connected to; it is therefore called a discoverable device). They provided a comparative analysis of the existing MITM attacks on Bluetooth.
Chang-Lung Tsai et al. (2009) proposed a novel intrusive behavior analysis scheme based on the ant colony algorithm. Intrusion behavior is detected by an intrusion detection module and analyzed with the ant colony optimization algorithm. They developed a honeypot for intrusive behavior analysis, on which misuse and attacks such as probe, DoS, DDoS, R2L (remote to local), U2R (user to root) and IDS evasion are performed. The authors worked on different capabilities of intruders.
Suman Jana et al. (2009) proposed using the clock skew of a wireless local area network access point (AP) to detect unauthorized APs quickly and accurately. The main goal of using clock skews is to overcome one of the major limitations of existing solutions: the inability to effectively detect Medium Access Control (MAC) address spoofing. The authors concluded that the use of clock skews appears to be an efficient and robust method for detecting fake APs in wireless local area networks. Setting up fake APs is not hard. Therefore, detecting unauthorized APs is a very important task of WLAN intrusion detection systems (WIDSs). The authors also explored the possibility of using clock skews to uniquely identify different devices participating in a wireless ad hoc network. All nodes in an ad hoc network must periodically broadcast beacon packets containing time stamps according to their own clock. The time stamps in these beacon packets are meant for synchronizing the clocks of all nodes. Each participating device periodically synchronizes its clock using the beacon time stamps it receives, by applying a clock synchronization algorithm that ensures the monotonicity of each node's clock. The authors gave a detailed view of beacon generation and clock synchronization in IEEE 802.11 ad hoc networks and described one algorithm for detecting fake APs based on clock skews.
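The clock-skew idea can be illustrated with the following added example, which is not the authors' algorithm: it assumes the skew is estimated as the least-squares slope of (beacon time stamp minus local receive time) against local receive time, and that a per-BSSID skew was enrolled earlier. The captures, the BSSID and the 2 ppm tolerance are constructed.

```python
BEACON_PERIOD_US = 102_400  # 100 time units of 1024 us, a common beacon interval


def estimate_skew_ppm(samples):
    """samples: list of (local_rx_time_us, beacon_timestamp_us).

    Returns the slope of the offset (beacon timestamp - receive time) over
    receive time, in parts per million, using an ordinary least-squares fit.
    """
    if len(samples) < 2:
        raise ValueError("need at least two beacons")
    rx0, tsf0 = samples[0]
    xs = [rx - rx0 for rx, _ in samples]
    ys = [(tsf - tsf0) - (rx - rx0) for rx, tsf in samples]
    n = len(xs)
    mean_x = sum(xs) / n
    mean_y = sum(ys) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("receive times are identical")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6


def check_ap(bssid, samples, enrolled_ppm, tolerance_ppm=2.0):
    """Compare the measured skew with the one enrolled for this BSSID."""
    measured = estimate_skew_ppm(samples)
    expected = enrolled_ppm.get(bssid.lower())
    if expected is None:
        verdict = "not enrolled"
    elif abs(measured - expected) <= tolerance_ppm:
        verdict = "skew matches"
    else:
        verdict = "skew mismatch"
    return verdict, round(measured, 2)


def make_capture(skew_ppm, count=600, tsf_start=0):
    """Build a constructed capture: about one minute of beacons from a clock
    running skew_ppm fast, received with a few microseconds of jitter."""
    samples = []
    for i in range(count):
        elapsed = i * BEACON_PERIOD_US
        jitter = (i * 37) % 11 - 5          # deterministic, within +/- 5 us
        rx = 1_000_000 + elapsed + jitter
        tsf = tsf_start + round(elapsed * (1 + skew_ppm * 1e-6))
        samples.append((rx, tsf))
    return samples


# Constructed data: one enrolled AP, a capture from that AP, and a capture
# from a different radio that copies the same MAC address.
ENROLLED = {"02:00:00:00:00:01": 25.0}
GENUINE = make_capture(25.0, tsf_start=5_000_000_000)
SPOOFED = make_capture(-12.0, tsf_start=77_000_000)

if __name__ == "__main__":
    print(check_ap("02:00:00:00:00:01", GENUINE, ENROLLED))
    print(check_ap("02:00:00:00:00:01", SPOOFED, ENROLLED))
```

A spoofed MAC address does not change the oscillator of the transmitting radio, which is why the second capture fails the check even though its BSSID is identical.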
Ionut Constandache et al. (2010) implemented CompAcc on Nokia N95 and 6210 phone models using Python as the programming platform. The main idea of CompAcc is to leverage the mobile phone's accelerometer and electronic compass to measure the walking speed and orientation of the mobile user. Updates are necessary because WiFi access points change over time as people shift in/out of apartments, homes and offices. Evaluation results demonstrated that CompAcc achieves an average localization accuracy of around 11 m, even in areas without WiFi. The authors clearly explained the operation of CompAcc.
Iyatiti Mokube et al. (2007) briefly discussed honeypot types and interaction levels. They mentioned 'honeytokens', a term already defined by Spitzner. A 'honeytoken' is a fake digital entity that can have many different applications. The use of a 'honeytoken' such as a fake login can help in tracking the activities, and determining the actions, capabilities and intentions, of a malicious intruder. They also discussed factors, legal issues and challenges, advantages, privacy, entrapment, disadvantages and liability.
Konstantinos Pelechrinis et al. (2012) proposed and analysed a honeypot venue-based solution, enhanced with a challenge-response scheme, that flags users who are generating fake spatial information. Honeypot venues (HV) are venues that are attractive to cheaters. The authors proposed a system for identifying possible cheating users. In brief, gamer cheaters are attracted by venues that can facilitate their goal of obtaining as many virtual rewards as possible, while monetary cheaters are clearly attracted by venues that offer special deals. Their work deals with the detection of cheating users with regard to the generated check-ins; it is also important for the location-based service provider to decide what measures it should take against them. The proposed scheme for detecting fake check-ins in location-based services is based on the primitives of honeypots. Compared to other possible solutions (e.g., location proofs and secure localization), it has the advantage that it can be deployed solely by the location-based service provider without the need for trusted third-party entities.
Thorsten Holz et al. (2005) presented several methods to detect suspicious environments. The term honeypot usually refers to an entity with certain features that make it especially attractive and can lure attackers into its vicinity. Authors discussed several ways to fingerprint current honeypot related technologies.
Nathalie Weiler (2002) presented a system that helps in the defence in depth of a network against DDoS attacks. In addition to state-of-the-art active and passive security defences, the author proposed a honeypot for such attacks and described a promising tool for luring attackers into the belief of a successful DDoS attack. The author presented two different views of honeypots with a diagram. Trinoo was the first widely known DDoS tool. It uses TCP to exchange control data between the attacker and the master attack host. The compromised slaves are controlled through UDP messages. These then carry out a UDP flooding attack on the victim. The author showed how such a system can be used in a defence-in-depth real-world network environment, identified different problems with the current realisation, and provided first solutions to cope with the scalability of the honeypot.
Prajakta Shirbhate et al. (2012) presented a proactive defense scheme based on a Honeypot security system (HPSS). They proposed an improved approach based on an Intruder Detector System (IDS) which enhances cyber security. Their focus area is honeypot security for e-banking. Honeypots have been used to detect or capture the activity of outsider or perimeter threats. The HPSS keeps records of the actions performed by the intruder, i.e. which data he is downloading and which sites he is visiting. They also described the advantages of honeypots. The authors categorized the major activities involved as IP address tracing, psychometric test and Captcha image. In IP address tracing, once a person logs into the system, the IP address is first noted down; both the IP tracing and the login test are performed. If he fails to log in a couple of times, he is entered into the fake system. In the security systems that exist currently, there is a denial of service if a person fails to log in for a defined number of iterations. The psychometric test is performed to detect whether the person is a regular, real customer or a hacker attacking another person's account. The Captcha image is used to check whether the logged-in user is a person or a machine.
Charles Bruno (2006) evaluated wireless intrusion prevention systems (WIPS) and described rogue AP detection and prevention. Once a rogue is identified, a WIPS should be able to disconnect clients from the rogue AP. A WIPS should also be able to detect and prevent multiple clients from accessing multiple rogue APs. The Tolly Group tested scenarios.
Collin Mulliner et al. (2011) developed HoneyDroid, a smartphone honeypot for the Android operating system using the QEMU-based Android emulator. They employed virtualization to create system logs that are complete enough to replay an attack. In HoneyDroid, Android is not allowed to access hardware directly. This setup is similar to ReVirt, which was implemented by G. W. Dunlap et al. Unlike ReVirt, which is based on a monolithic kernel, they built on a microkernel, which reduced the trusted computing base of the honeypot by orders of magnitude.
Radhika Goel et al. (2013) presented a general framework for wireless honeypot systems that encompasses a broad range of honeypot architectures, and categorized previous systems according to that framework, highlighting the results of those projects. The results show that although an array of wireless honeypot models exists, none of them is able to provide full protection in a real-time environment. The existing wireless honeypot systems and tools are WISE, KPMG's Wireless Honeypot, Proactive WIDS, Deceptive Wireless Honeypot, HoneySpot, and Wireless Tools (Honeyd and Fake AP). They were analysed on 5 parameters: 'architecture', 'deception/detection system', 'deployment technology', 'testing scenario' and 'results of project'. The authors also implemented a honeypot framework. Online analysis is based on matching with existing rules. The authors also described several architectures of different attacks.
A Technical Whitepaper by AirMagnet (2004) described rogue devices and business risks with a neat diagram. The term Rogue is used to refer to all unauthorized wireless devices. Rogue discovery plays an important role throughout this process. The whitepaper recommends creating a baseline list of untrusted APs and their characteristics, including MAC address, ESSID, channel, signal-to-noise ratio (SNR), and approximate location. Baseline is the main term used in IDS. To detect such malicious activities, their AirMagnet Enterprise Rogue Management Console is used.
N. Provos (2004) presented Honeyd, a framework for virtual honeypots that simulates virtual computer systems at the network level. The paper provided a brief overview of the design and implementation of Honeyd, a daemon that simulates the TCP/IP stack of operating systems to create virtual honeypots. Honeyd supports TCP, UDP and ICMP. It listens to network requests destined for its configured virtual honeypots. Honeyd receives traffic for its virtual honeypots via a router or Proxy ARP. For each honeypot, Honeyd can simulate the network stack behavior of a different operating system. Honeyd mimics the network stack behavior of operating systems to fool fingerprinting tools like Nmap.
A. Galante et al. (2009) presented "BlueBat: Towards Practical Bluetooth Honeypots". BlueBat is an effort to build and deploy a practical honeypot for capturing in-the-wild samples and empirically studying malware prevalence. They described the design and implementation of a first prototype, focused on Bluetooth worms propagating over the OBEX Push service.
Kuo Fong Kao et al. (2014) presented an accurate fake access point detection method based on the deviation of the beacon time interval. Among the various rogue APs, a fake AP that fully forges the SSID and MAC address of a legitimate AP is the hardest to detect and has the highest probability of causing a security breach. They proposed an algorithm that is based on the 'interval', 'serial number' and 'timestamp' of beacons. They proposed to synchronize the sequence numbers and timestamps of both legal and fake APs in order to identify whether a fake AP exists or not.
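How beacon interval, sequence number and timestamp expose a second transmitter behind one SSID and MAC address is shown in the added example below. It is an illustration, not the algorithm of Kao et al.: the three pairwise checks, their thresholds and the beacon records are assumptions constructed for the example.

```python
TU_US = 1024          # one 802.11 time unit in microseconds
SEQ_MODULUS = 4096    # the sequence number field is 12 bits wide


def analyze_beacons(beacons, interval_tol_us=5_000, max_seq_gap=512, ts_tol_us=2_000):
    """Check consecutive beacons that claim the same SSID and BSSID.

    A single transmitter sends beacons a whole number of beacon periods apart,
    with a slowly increasing sequence number and a timestamp that advances in
    step with the receiver's clock. Each violation is reported by name.
    """
    findings = []
    ordered = sorted(beacons, key=lambda b: b["rx_us"])
    for prev, cur in zip(ordered, ordered[1:]):
        reasons = []
        period_us = cur["interval_tu"] * TU_US
        d_rx = cur["rx_us"] - prev["rx_us"]
        # Allow for missed beacons: compare with the nearest whole multiple.
        periods = max(1, round(d_rx / period_us))
        if abs(d_rx - periods * period_us) > interval_tol_us:
            reasons.append("interval")
        # Modular difference, so a normal wrap from 4095 to 0 is not flagged.
        if (cur["seq"] - prev["seq"]) % SEQ_MODULUS > max_seq_gap:
            reasons.append("sequence")
        d_tsf = cur["tsf_us"] - prev["tsf_us"]
        if d_tsf <= 0 or abs(d_tsf - d_rx) > ts_tol_us:
            reasons.append("timestamp")
        if reasons:
            findings.append({"rx_us": cur["rx_us"], "reasons": reasons})
    return findings


def fake_ap_suspected(beacons, min_findings=3):
    """Require several findings so one corrupted frame does not raise an alert."""
    return len(analyze_beacons(beacons)) >= min_findings


def make_beacons(count, rx_start, seq_start, seq_step, tsf_start):
    """Constructed beacons from one transmitter with a 100 TU beacon interval."""
    return [
        {
            "rx_us": rx_start + i * 100 * TU_US,
            "seq": (seq_start + i * seq_step) % SEQ_MODULUS,
            "tsf_us": tsf_start + i * 100 * TU_US,
            "interval_tu": 100,
        }
        for i in range(count)
    ]


# Constructed captures: the legitimate AP, and a second radio that forges the
# same SSID and MAC but has its own beacon phase, sequence counter and uptime.
LEGIT = make_beacons(10, 1_000_000, 100, 3, 5_000_000_000)
FAKE = make_beacons(10, 1_040_000, 3000, 1, 77_000_000)

if __name__ == "__main__":
    print("legitimate AP only:", analyze_beacons(LEGIT))
    for finding in analyze_beacons(LEGIT + FAKE):
        print(finding)
```
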
Xiaobo Long et al., (2010) proposed a mechanism for detecting session hijacking attacks in wireless networks. The proposed scheme is based on using a wavelet based analysis of the received signal strength. They developed a model to describe the changes in the received signal strength of a wireless station during a session hijack, while the received signal is embedded in colored noise caused by fading wireless channels. An optimal filter is then designed for the purpose of detection. The detection mechanism is validated using both simulation and experimental results.
Fake access point or wifi honeypots creation tools in kali linux:
First of all we need "Wireless antenna" for analysis work. Company: "Alpha"
--> Which intentionally created exact the same as real.
--> start wlan0 on monitor mon0
--> airmon-ng start wlan0
--> Creating wifi honeypots
--> /usr/bin/wifi-honey <essid> <channel> <interface>
--> /usr/bin/wifi-honey fake_ap 6 mon0
-->where essid --> name of fake access point
--> Download "Easy-creds" from source forge.
--> Set alpha wireless antenna card
--> tar -xvf <file_name.gz>
--> cd easy-creds/
--> Do necessary steps.
--> 6 modules
* Airbase_NG: Multi-purpose tool aimed at attacking clients as opposed to the Access Point (AP) itself. It cracks WEP and WPA keys using dictionary attacks.
* SSL Strip: sslstrip is an SSL stripping proxy, designed to make unencrypted HTTP sessions look as much as possible like HTTPS sessions.
* Ettercap: Ettercap is a free and open source network security tool for man-in-the-middle attacks on LAN.
* Dsniff: Dsniff is a set of password sniffing and network traffic analysis tools.
* URL Snarf: Sniffs an interface for HTTP traffic and dumps any URLs, and their originating IP address.
* DMESG: dmesg (display message or driver message) is a command on most Linux- and Unix-based operating systems that prints the message buffer of the kernel.
--> If anyone established our Fake_AP, his/her plaintext passwords can be visible to the attacker.
--> Download "Pwnstar.tgz"
--> tar -xvf <PwnStar.tgz>
-->We can see so many options .
--> But our analysis work mainly focused on "First_option".
-->Honey-pot: Get the victim onto your Access Point, then use nmap. And do necessary steps.
-->Kali_linux ->Wireless Attacks -->Wireless Tools -->fern-wifi-cracker
Wifi honeypots discovery tools:
A hotspot is a place where a wireless network is available for public use. An access point is used to connect wireless devices to a wireless network. Access points are configured to broadcast SSIDs to authorized users. To verify authorized users, a password is required. SSID broadcasting is a major problem that allows attackers to steal an SSID and have the AP assume they are allowed to connect. Wired Equivalent Privacy (WEP) is a WLAN client authentication and data encryption protocol. WiFi Protected Access (WPA) is an advanced WLAN client authentication and data encryption protocol using TKIP, MIC and AES encryption. Wireless access points are specially configured nodes on WLANs. SSID stands for Service Set Identifier and is the name of the WLAN. In WarWalking, attackers walk around with Wi-Fi enabled laptops to detect open wireless networks. WarChalking is the drawing of symbols in public places to advertise open Wi-Fi networks. In WarDriving, attackers drive around with Wi-Fi enabled laptops to detect open wireless networks. In WarFlying, attackers fly around with Wi-Fi enabled laptops to detect open wireless networks.
A rogue access point is used to create an open backdoor into a trusted network by installing an unsecured AP. A rogue access point is an unauthorized access point in a wireless network. Attackers typically deploy these access points to sniff important data on the network. Attackers can also use rogue access points to hijack user sessions on the wireless network. After identifying an access point in the network, the next step is to verify whether or not it is a rogue access point. The investigator has to check the MAC_address, Vendor, SSID and Signal_strength.
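The verification step above (MAC address, vendor, SSID, signal strength) can be written as a comparison of scan results with a baseline of known APs. This is an added example, not a tool from the survey: the baseline, the observations, the verdict names and the 15 dB tolerance are constructed, and the first three octets of each constructed address stand in for the vendor prefix (OUI).

```python
def oui(mac):
    """Vendor prefix: the first three octets of a MAC address."""
    return mac.lower()[:8]


def classify(obs, baseline, rssi_tol_db=15):
    """Return (verdict, reasons) for one observed access point."""
    bssid = obs["bssid"].lower()
    known = baseline.get(bssid)
    if known is not None:
        # Known MAC: every other attribute must still look like the baseline,
        # otherwise another radio may be transmitting with a copied address.
        reasons = []
        if obs["ssid"] != known["ssid"]:
            reasons.append("ssid")
        if obs["channel"] != known["channel"]:
            reasons.append("channel")
        if abs(obs["rssi_dbm"] - known["rssi_dbm"]) > rssi_tol_db:
            reasons.append("signal")
        return ("suspect-spoofed-mac", reasons) if reasons else ("authorized", [])
    our_ssids = {entry["ssid"] for entry in baseline.values()}
    if obs["ssid"] in our_ssids:
        # Our network name on a MAC we never deployed.
        reasons = ["unknown-mac"]
        if oui(bssid) not in {oui(mac) for mac in baseline}:
            reasons.append("vendor")
        return ("rogue", reasons)
    return ("unrelated", [])


# Constructed baseline of deployed APs, keyed by lower-case BSSID.
BASELINE = {
    "02:aa:bb:00:00:01": {"ssid": "CorpNet", "channel": 6, "rssi_dbm": -60},
    "02:aa:bb:00:00:02": {"ssid": "CorpNet", "channel": 11, "rssi_dbm": -68},
}

# Constructed scan results from one survey point.
OBSERVED = [
    {"bssid": "02:AA:BB:00:00:01", "ssid": "CorpNet", "channel": 6, "rssi_dbm": -63},
    {"bssid": "02:aa:bb:00:00:02", "ssid": "CorpNet", "channel": 1, "rssi_dbm": -35},
    {"bssid": "02:cc:dd:00:00:09", "ssid": "CorpNet", "channel": 6, "rssi_dbm": -40},
    {"bssid": "02:aa:bb:00:00:77", "ssid": "CorpNet", "channel": 6, "rssi_dbm": -70},
    {"bssid": "02:ee:ff:00:00:01", "ssid": "CoffeeShop", "channel": 3, "rssi_dbm": -80},
]


def survey(observations, baseline):
    """Classify every observation; returns a list of (bssid, verdict, reasons)."""
    return [(o["bssid"].lower(),) + classify(o, baseline) for o in observations]


if __name__ == "__main__":
    for row in survey(OBSERVED, BASELINE):
        print(row)
```
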
Detecting Wireless Access Points:
Manual: To detect WAPs, the investigator has to physically visit the area. He or she can then use techniques to detect the Wireless Access Points.
Active Scanning: Broadcasting a message and waiting for a response from devices in the range.
Passive Scanning: Identifies the presence of any wireless communication.
The next option is to use vulnerability scanners. An excellent example is Nessus.
Tools for Detecting Wireless LAN:
Net Stumbler, Mini Stumbler, In SSIDer, Kismet, Kis MAC, I-Stumbler, Wifi explorer, Wifi Hopper, Retina WiFi Scanner, Wireless Mon, Wireless NetView, Wireless Network Watcher, Xirrus-Wi-Fi-monitor, OutSSIDer, Wireless Scanner, WiFi Channel Scanner, WiFi Hotspot Scanner, Portable WiFi Network Monitor, WiFi Guard, Wave Stumbler, SSID Sniff for Linux, Wi-Finder, WiFi Stumbler, Wellenreiter wireless penetration tool.
aircrack_ng, SSID Sniff for Linux.
Wireless Bandwidth Leakage:
We have given a brief idea of fake access points and mentioned some tools that are important in the daily work of digital forensics investigators. We discussed honeypots and WiFi honeypots. Intruders create fake access points for session hijacking, password sniffing, cookie stealing or sniffing SSIDs. In this paper, we analysed '27-WiFi Honeypot discovery tools' and '13 Normal Honeypot tools'. Our analysis work is based on parameters. For WiFi honeypot discovery, the analysis is based on 5 parameters ('Software_name', 'vendor', 'aim', 'uses', 'OSs'). For normal honeypot discovery, the analysis is based on 5 parameters ('Software_name', 'vendor, Main package(s) & Port numbers', 'aim', 'uses', 'OSs'). Before the analysis we categorized the WiFi honeypot tools. We made a literature survey of about 20 related papers, and we explained fake access point creation and the steps in Kali Linux (Forensics).
Received 3 September 2014
Received in revised form 30 October 2014
Accepted 4 November 2014
A Technical Whitepaper, AirMagnet, 2004. "Best Practices for Rogue Detection and Annihilation", AirMagnet.
Chang-Lung Tsai, Chun-Chi Tseng, Chin-Chuan Han, 2009. "Intrusive behavior analysis based on honey pot tracking and ant algorithm analysis", Security Technology International Carnahan Conference.
Charles Bruno, The Tolly Group, 2006. "Evaluating wireless intrusion prevention systems", The Tolly Group.
Collin Mulliner, Steffen Liebergeld, and Matthias Lange, 2011. "Poster: HoneyDroid--Creating a Smartphone Honeypot", IEEE.
Galante, A., A. Kokos, S. Zanero, "BlueBat: Towards Practical Bluetooth Honeypots", IEEE.
Hao Han, Fengyuan Xu, C.C. Tan, Yifan Zhang, Qun Li, 2011. "Defending against vehicular rogue APs", INFOCOM, IEEE.
Hemanshu Kamboj, Gurpreet Singh, 2013. "Fake Access Point Detection and Prevention Techniques", Journal of P2P Network Trends and Technology (IJPTT).
Ionut Constandache, Romit Roy Choudhury, Injong Rhee, 2010. "Towards Mobile Phone Localization without War-Driving", Technical Program at IEEE INFOCOM.
Iyatiti Mokube and Michele Adams, 2007. "Honeypots: Concepts, Approaches, and Challenges", ACM.
Keijo Haataja and Pekka Toivanen, 2011. "Two practical man-in-the-middle attacks on Bluetooth secure simple pairing and countermeasures", Wireless Communications, IEEE.
Konstantinos Pelechrinis, Prashant Krishnamurthy, Ke Zhang, 2012. "Gaming the Game: Honeypot Venues Against Cheaters in Location-based Social Networks", arXiv.
Kuo Fong Kao, Wen Ching Chen, Jui Chi Chang, Heng Te Chu, 2014. "An Accurate Fake Access Point Detection Method Based on Deviation of Beacon Time Interval", IEEE.
Nathalie Weiler, 2002. "Honeypots for Distributed Denial of Service Attacks", IEEE.
Prajakta Shirbhate, Vaishnavi Dhamankar, Purva Deshpande & Smita Kapse, 2012. "Honeypot Security System For E-Banking", Undergraduate Academic Research Journal (UARJ).
Provos, N., 2004. "A virtual honeypot framework", USENIX Security Symposium.
Radhika Goel, Anjali Sardana and R.C. Joshi, 2013. "Wireless Honeypot: Framework, Architectures and Tools", International Journal of Network Security.
Suman Jana and Sneha K. Kasera, 2009. "On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews", IEEE.
Taebeom Ki, Haemin Park, Hyunchul Jung, Heejo Lee, 2012. "Online Detection of Fake Access Points Using Received Signal Strengths", Vehicular Technology Conference (VTC Spring), IEEE.
Thorsten Holz and Frederic Raynal, 2005. "Detecting Honeypots and other suspicious environments", IEEE.
Xiaobo Long, B. Sikdar, 2010. "A mechanism for detecting session hijacks in wireless networks", IEEE.
(1) Poonkuntran. S and (2) Arun Anoop M
(1) Professor, Velammal College of Engineering and Technology, Madurai-09, Tamilnadu, India
(2) Assistant Professor, MES Engineering College, Kuttipuram, Malapuram (Dt.), Kerala, India
Corresponding Author: Dr. Poonkuntran, S., Professor, Velammal College of Engineering and Technology, Madurai-09, Tamilnadu, India, E-mail: email@example.com.
Table 1: Analysis of WiFi Honeypot/Fake AP discovery tools

Software name | Vendor | Aim
Net Stumbler | www.nestumbler.com; Marius Milner | Is a tool for Windows that facilitates detection of wireless LAN.
Mini Stumbler | www.nestumbler.com | Is a tool for Windows that facilitates detection of wireless LAN.
InSSIDer | Meta Geek, LLC; written in C.; www.inssider.com | Is a tool for WiFi network scanning.
Kismet | www.kismetwireless.net; written in C++; Mike Kershaw | Is a tool for wireless monitoring.
Kis MAC | www.kismac-ng.org | Is a tool for wireless network discovery.
Aircrack-ng | www.aircrack-ng.org; written in C; Christopher Devine, then Thomas d'Otreppe | Is a tool for packet sniffing.
I Stumbler | www.istumbler.net; Alf Watt | Is a tool for finding wireless networks and devices.
NetSpot | www.netspotapp.com | Is a tool for wireless bandwidth leakage.
Wifi Explorer | www.wifiexplorer.net; Adrian G. | Is a tool for wireless network scanning.
Wifi Hopper | www.wifihopper.com | Is a tool for network discovery.
Retina WiFi Scanner | www.softpedia.com | Is a tool for checking the status of WiFi networks.
Wireless Mon | www.softpedia.com | Is a tool for network information.
Wireless NetView | www.softpedia.com | Is a tool to show all detected WiFi hotspots.
Wireless Network Watcher | www.softpedia.com | It is designed to display all connected computers to your wireless network.
Xirrus Wi-Fi Monitor | www.softpedia.com | Displays the surrounding Wi-Fi networks.
OutSSIDer | www.softpedia.com | outSSIDer offers a simple software solution that will lend you a hand if you want to connect to a wireless access point on the go.
Wireless Scanner |  | It is a command-line application that enables users to view all available wireless connections in their network.
WiFi Channel Scanner | www.softpedia.com | WiFi Channel Scanner provides users with a simple means of detecting all available wireless network connections in their area.
WiFi Hotspot Scanner | www.softpedia.com | Displays the nearest WiFi networks that you can connect to.
Portable WiFi Network Monitor | www.softpedia.com | It can conduct an extensive scan on a WiFi network in order to detect potential intruders.
WiFi Guard | www.softpedia.com | Scans the network for any new connected devices that could possibly belong to an intruder.
Wave Stumbler | http://www.cqure.net/tools08.html | WaveStumbler is used for gathering basic information from the access point.
SSID Sniff for Linux | http://www.bastard.net/~kos/wifi | Discover access points and save the captured traffic. Sniffer.
Wi-Finder | http://wiki.androidforum.cz/index.php/WiFinder | Boingo Wi-Finder will help you find thousands of free and Boingo hotspots around the world.
WiFi Stumbler | http://download.cnet.com | Meraki WiFi Stumbler is a web based wireless network scanner and monitoring tool.
Wellenreiter wireless penetration tool | http://sourceforge.net/projects/wellenreiter | Wellenreiter is a GTK Perl program that makes the discovery.
AirCheck Wi-Fi Tester | http://www.flukenetworks.com/ | Wireless network tester.

Table 1 (continued)

Software name | Uses | Operating system
Net Stumbler | Sniffing: listens for available data transmission while communication between users. Finding MAC addresses of an AP. War driving. Option for finding WEP encryption status. Detecting rogue AP. | Windows 9X, 2000, XP
Mini Stumbler | Sniffing: listens for available data transmission while communication between users. Finding MAC addresses of an AP. War driving. Option for finding WEP encryption status. Detecting rogue AP. | Windows CE
InSSIDer | Gather information from wireless card and software. GPS support. | Windows, Apple OS X
Kismet | Packet sniffer. IDS. Network detector. | Linux, FreeBSD, Mac OS X. Client can run on Windows.
Kis MAC | Reveals hidden SSIDs. Shows MAC addresses, IP addresses, signal strengths of clients. GPS support. | Mac OS X
Aircrack-ng | WPA and WEP cracker and analysis tool. WEP encryption key recovery. | Linux, Windows
I Stumbler | Find wireless networks and devices with Bluetooth enabled Mac computers. Detection of open wireless networks. | Mac OS X
NetSpot | WiFi signal strength booster. Test wireless network speed. | Mac OS X
Wifi Explorer | Wireless network analyser. | OS X
Wifi Hopper | Network discovery and site survey. GPS support. | Windows, Linux
Retina WiFi Scanner | Search for available IP addresses. Update discovery timeout and retry intervals. | Windows
Wireless Mon | Gather detailed information about wireless networks detected in our area. Check 'signal strength', 'channel', 'coverage area'. | Windows
Wireless NetView | Shows previous 'signal quality', 'SSID', 'authentication algorithm', 'MAC address', 'channel frequency', 'channel number' etc. | Windows
Wireless Network Watcher | Scan IP addresses also. Display all connected computers. | Windows
Xirrus Wi-Fi Monitor | Displays data such as 'connection status', 'IP address' and 'MAC', 'adapter' and even current and past 'signal strength'. Reveals the security level. | Windows
OutSSIDer | outSSIDer automatically attempts to connect to any open access point that comes within range as you walk down the streets hunting for WiFi. | Windows
Wireless Scanner | Wireless Scanner does not require installation, so you can drop the executable file in any location on the hard drive and call its process from a Command Prompt window. | Windows
WiFi Channel Scanner | Shows the 'name', 'channel', 'signal quality', 'authentication' and 'cipher algorithms', along with the 'MAC address' for each network found nearby. | Windows
WiFi Hotspot Scanner | Displays the found connections, along with their name, 'Security Type', 'Signal', 'Channel', 'Physical Type', 'MAC Address' and 'Last Detected' time. | Windows
Portable WiFi Network Monitor | It is a network scanner. | Windows
WiFi Guard | Shows the 'name', 'channel', 'signal quality', 'authentication' and 'cipher algorithms', along with the 'MAC address' for each network found nearby. | Linux
Wave Stumbler | Console based 802.11 network mapper for Linux. Gathering information from the access point like 'channel', 'WEP', 'ESSID (Extended Service Set Identifier)', 'MAC' etc. | Linux
SSID Sniff for Linux | Access points discovery. SSID sniffing. | Linux
Wi-Finder | Actively searches for Wi-Fi hotspot signals and alerts you when one is found. | Windows
WiFi Stumbler | Uses your computer's Wi-Fi antenna to scan local access nodes. | Windows
Wellenreiter wireless penetration tool | Used for penetration and auditing. | Windows
AirCheck Wi-Fi Tester | It is a handheld device to test your current WLAN security settings. | Windows

Table 2: Analysis of Honeypot tools

Software name | Vendor, main package(s) & port details | Aim
1) Honeyd | www.honeyd.org; requires WinPcap (free packet capture architecture for Windows) | Real time logging activities
2) KFSensor | www.keyfocus.net; 77 preconfigured ports (58 TCP ports & 19 UDP ports) | Real time logging activities
3) SPECTER | www.specter.com; emulates 14 OSs; emulates 11 non-malicious network services; emulates Trojan horse ports | Real time logging activities
4) ARGOS | www.few.vu.bl/argos/ | Real time logging activity framework
5) BACK OFFICER | www.guardiansofJustice.com/diablo/Frames/Fileutil.htm; emulates services (e.g. smtp, telnet) | Real time logging activities
6) GHH (Google Hack Honeypot) | www.ghh.sourceforge.net; emulates a vulnerable web application by allowing itself to be indexed by search engines | Real time logging activities
7) HIHAT (High Interaction Honeypot Analysis Toolkit) | www.hihat.sourceforge.net | Real time logging activities
8) HoneyBot (Medium Interaction level) | www.atomicsoftwaresolutions.com/honeybot.php; opens over 1000 UDP & TCP ports; sockets mimic vulnerable services. When an attacker connects to these services they are fooled into thinking they are attacking real services. | Real time logging activities
9) KIPPO (Medium Interaction level) | code.google.com/kippo | SSH honeypot
10) Glastopf | github.com/glastopf; emulates 1000s of vulnerabilities to gather data from attacks targeting web applications | Collect information about web applications.
11) Omnivora (Low Interaction level) | sourceforge.net/projects/omnivore; written in Borland Delphia | Collect malwares
12) Honey Bow (High Interaction level) | sourceforge.net/projects/honeybow; released under the name of mwcollect.org, can be integrated with the nepenthes sensor | Honeypot sensor
13) Honey Drive | sourceforge.net/projects/honeydrive; contains over 10 pre-installed and preconfigured honeypot software packages | Honeypot

Table 2 (continued)

Software name | Uses
1) Honeyd | Useful for capturing an intruder's initial investigations.
2) KFSensor | Understand the importance of alerts and logging.
3) SPECTER | Can enable/disable ports or services.
4) ARGOS | Identify and produce remedies for worms & attacks.
5) BACK OFFICER | Ability to alarm when an attacker is at our doorknob.
6) GHH (Google Hack Honeypot) | Allowing itself to be indexed by search engines.
7) HIHAT (High Interaction Honeypot Analysis Toolkit) | Automatically scans for known attacks.
8) HoneyBot (Medium Interaction level) | Safely captures all communication with the attacker and logs it for future analysis.
9) KIPPO (Medium Interaction level) | Designed to log brute force attacks.
10) Glastopf | Collect information about web application based attacks like SQL injection, local and remote file inclusion attacks.
11) Omnivora (Low Interaction level) | Collect autonomous spreading malwares.
12) Honey Bow (High Interaction level) | Honeypot sensor
13) Honey Drive | Honeydrive also includes a suite of tools for analysis, forensics, monitoring.

Table 2 (continued)

Software name | OSs
1) Honeyd | Windows & Linux; Niels Provos (Unix/Linux version), Michael Davis (Windows version)
2) KFSensor | Windows based honeypot IDS
3) SPECTER | Windows
4) ARGOS | Windows
5) BACK OFFICER | Windows
6) GHH (Google Hack Honeypot) | Windows
7) HIHAT (High Interaction Honeypot Analysis Toolkit) | Windows
8) HoneyBot (Medium Interaction level) | Windows
Interaction level) ->Sockets mimic vulnerable services. When an attacker connects to these services they are fooled into thinking they are attacking real services. ->www.atomicsoft- waresol Utions.com/ honeybot.php 9) KIPPO ->code.google. Linux (Medium com/kippo Interaction level) 10) Glastopf ->github.com/ windows glastopf ->Emulate 1000s of vulnerabilities to gather data from attacks targeting web application. 11) Omnivora ->sourceforge.net/ Windows (Low Interaction projects/omnivore level) ->Written in Borland Delphia 12) Honey Bow ->sourceforge.net/ Linux Sensor (High projects/honeybow Interaction level) ->Released under the name of mwcollect.org, can be integrated with nepenthes sensor. 13) Honey Drive ->sourceforge. Linux net/projects/ honeydrive ->Contains over 10 pre-installed and preconfigured honeypot software packages.
|Author:||Poonkuntran, S.; Arun, Anoop, M.|
|Publication:||Advances in Natural and Applied Sciences|
|Date:||Oct 1, 2014|