Monday, December 18, 2017

HOWTO : Wifi Intrusion Detection Without Tears

Wifi everywhere! When you are using wifi no matter it is a public or private hotspot, you are at the risk of being attacked.

When access point and client communicate, they will carrying out a four-way handshake in which the encrypted passphrase will also be transmitted between them. When attacker captures the four-way handshake, the encrypted passphrase is also captured in which it can get the passphrase by wordlists brute forcing.

However, we do not know the one who at the building or parking lot opposite your home or office is a hacker. Fortunately, we can inspect the suspicious or malicious packets in the air, it is the tool namely WAIDPS which stands for Wireless Auditing, Intrusion Detection and Prevention System.

You can leave this tool running and it will report back if there is any suspicious activity in the air near you. You can even fight back to the attacker. However, in my opinion, it is too late for that as the attacker may already have your encrypted passphrase with the four-way handshake.

If you observe any attack such as deauthentication, you can reset your passphrase to a stronger one in order to stop the attack on your wifi router.

By the way, MAC address filtering and hidden SSID mean nothing to attacker. The best way to defense is to have a very strong passphrase.


[1] WAIDPS - Wireless Auditing, Intrusion Detection and Prevention System
[2] Kali Linux

That's all! See you.