Hi there once again :-)

After we developed the wireless scanner "Wellenreiter" (http://www.remote-exploit.org), the remote-exploit.org team found some difficulties in implementing all the desired features and thought about a more modular way to do it. We also found out that a good engine could be used for much more than simply scanning. Please give us your ideas, feedback or advice if you have any. Below is the first idea text I wrote for the Airwrecker.

P.S. We are also looking for some Perl developers who can do network programming for that project. I have already started to write the basic probe module.

Greetings
Max Moser

-------------------------------------------------------------
Airwrecker -- A multi purpose wireless tool
-------------------------------------------------------------

The idea:

The Airwrecker is a flexible and extensible wireless tool. It is something between Wellenreiter/Kismet, Snort, Airsnort and Ethereal. Airwrecker is designed as a client-server architecture. Each functionality consists of its own server, which does its own job well.

Modules of which Airwrecker should consist:

Airprobe:
This is a simple sniffer, modelled on the lines of tcpdump. It must have the following features:
- Packet verifier (validate the checksum of the packet)
- A bpf filter (or other type of filtering support).
- A packet redirector (send to file/other NIC/reporting GUI)

Desirable features:
- Support for all wireless rfmon-able cards.
- Multicast support.
- Report to multiple clients

GUI/viewer:
- This is a reporting module independent of the packet capturing module. It should be possible for the viewer to support multiple reporting probes, and for it to be a console app or an X app.

WEP module:
- This module will be designed specifically to crack WEP packets.

String matcher:
- This is a simple pattern matcher. It is designed to be used like dsniff or ngrep, looking for specific patterns in the cleartext sent to it. It is not required to support binary data, but only plain text.

IDS module:
- This is an advanced version of the string matcher, and should be able to handle complex regular expressions and binary data. So it should act like an intrusion detection system.

Alerting:
- This module generates alerts for the user. Both the string watcher and IDS modules report to this module, which should be configurable to report via syslog, mail, viewer. This module is separate because it is complex.

Others:
- Possible other modules are ones for locating a transmitter via triangulation for MAC addresses.

The base architecture is designed to be easily extensible, and other developers should not have a problem with extending Airwrecker.

Please let me know what you think about that and ideas for other modules.

Greetings
Max
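The three required Airprobe stages from the post (packet verifier, filter, packet redirector), as an added Python example that is not part of the original post or of the Airwrecker code, which was planned in Perl. It assumes the capture source hands over raw 802.11 frames with the 4-byte FCS still attached and no radiotap header; `Probe`, `fcs_ok` and the other names are hypothetical, a Python predicate stands in for the BPF filter, and two lists stand in for the file and viewer sinks.

```python
import struct
import zlib

MGMT, CTRL, DATA = 0, 1, 2  # 802.11 frame types (frame control bits 2-3)

def with_fcs(body: bytes) -> bytes:
    """Append the 802.11 FCS: CRC-32 of the frame, stored little-endian."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def fcs_ok(frame: bytes) -> bool:
    """Packet verifier: recompute the CRC-32 and compare with the trailer."""
    if len(frame) < 14:  # shortest frame (ACK/CTS): 10-byte header + 4-byte FCS
        return False
    return with_fcs(frame[:-4]) == frame

def frame_type(frame: bytes) -> int:
    return (frame[0] >> 2) & 0x3

class Probe:
    """Verify, filter, then copy each accepted frame to every sink."""
    def __init__(self, accept, sinks):
        self.accept, self.sinks = accept, sinks
        self.bad_fcs = self.filtered = 0

    def feed(self, frame: bytes) -> bool:
        if not fcs_ok(frame):
            self.bad_fcs += 1      # damaged in the air: never reaches a module
            return False
        if not self.accept(frame):
            self.filtered += 1
            return False
        for sink in self.sinks:    # stand-ins for file / other NIC / viewer
            sink(frame)
        return True

# Constructed sample frames (not real captures); addresses are made up.
BCAST, STA = b"\xff" * 6, bytes.fromhex("020000000001")
HDR = b"\x00\x00" + BCAST + STA + STA + b"\x00\x00"   # duration, addr1-3, seq
BEACON = with_fcs(b"\x80\x00" + HDR + b"constructed beacon body")
DATA_FRAME = with_fcs(b"\x08\x00" + HDR + b"constructed payload")
CORRUPT = BEACON[:30] + bytes([BEACON[30] ^ 0x01]) + BEACON[31:]

def demo():
    log_file, viewer = [], []
    probe = Probe(lambda f: frame_type(f) == MGMT, [log_file.append, viewer.append])
    results = [probe.feed(f) for f in (BEACON, CORRUPT, DATA_FRAME)]
    return results, len(log_file), len(viewer), probe.bad_fcs, probe.filtered

if __name__ == "__main__":
    print(demo())
```

Running the verifier before the filter keeps frames damaged in transit away from the string matcher and IDS modules, where corrupted bytes could otherwise produce false matches.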
This archive was generated by hypermail 2b30 : Tue Aug 06 2002 - 07:38:21 PDT