WiFi Guard

Discussion in 'other firewalls' started by Pinga, Dec 2, 2012.

Thread Status:
Not open for further replies.
  1. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    http://www.softperfect.com/products/wifiguard/
     
  2. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Looks to be an interesting tool and free :)
     
  3. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    837
    Location:
    Québec, Canada
    Cool, thanks!
    It has a Linux version too!
     
  4. BrandiCandi

    BrandiCandi Guest

    Interesting. Looks to be pretty simple- it probably does a periodic nmap scan and then emails you if you have new devices attach.

    If you use this, don't forget that the wii /xbox/etc. will attach to wifi. My wii attaches with a seemingly random name like fjir493qu8jjnv, which makes identifying it difficult.
     
  5. iammike

    iammike Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    276
    Location:
    SE Asia
    If you save it to the list as an "known" device, it saves the MAC Address and not the name. Look in the file: "WiFiGuard.xml"
     
  6. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    run airodump-ng and you can see the mac's of clients connected to an ap. lord help us if someday you can disconnect a client and spoof a mac to get around that mac whitelist.

    oh wait.

    either way, not a bad tool to have
     
  7. JohnBurns

    JohnBurns Registered Member

    Joined:
    Jul 4, 2004
    Posts:
    454
    Location:
    Oklahoma City
    Pinga, thanks for posting - very useful. I have a home network with 3 pc's and this is something I had wished for repeatedly. Appreciate the link.
     
  8. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Interesting...but a little bit useless. Few days ago I have corresponded with Andrew Kotov (SoftPerfect Research support service) and asked him is it possible block untrusted devices and by this way deny it access to our machine...unfortunately NO. Similar feature but with blocking access we have ie. in Online Armor in tabs "Interfaces" and "Computers List" in firewall module. I asked also about blocking like in PeerBlock where we have IP adress of blocked connection...in WFG we have so...no answer yet but I hope maybe will be? :)
    At this time WFG is app something like "reputation tool"...nothing more...it's a pity. :doubt:
     
  9. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    Well you can not block a wifi signal and this tool is not about blocking, but to let you know, if something is wrong, so you take actions to fix it, like to change a password. It is actually better, because if there is a blocking tool, a hacker would always find a way around it, but a passive scanning tool is a non-intrusive way, which he could overlook.
     
  10. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    OK..thanks for your explanation but I expected that this tool will be much useful...at this time - as I consider - it's useful only at home, office, work and only when you have "own" network with one or more known devices and only when you have access to change the password. But what about your shool...study...travel...where you want to use your own device but you haven't impact on settings of network? I expect that you will see many devices but what next? How consequences will be if you trus or distrust some device? What will happen?
     
  11. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    If you're bringing an AP with you for set up a network while traveling just make sure you can specify in advance which macs can connect. If your AP doesn't support this, get an new AP. It eventually becomes logistically impossible to assign access based on mac w/ large networks thus reducing protection to just keys.

    obviously, on a home or work network thats not enormous (or has wifi devices cleared by an IT dpt) your dhcp server should be assigning ips based on mac address anyway denying everything else while using WPA2 keys. keep in mind its still possible to crack/strip the keys disconnect a client, spoof the mac and connect but the time involved is longer vs other methods.

    whatever you do, do NOT use an AP that has WPS enabled bc cracking the thing is trivial.

    when in doubt, never use wifi.
     
  12. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Hmm...probably I didn't expect such answer :) I try maybe in other way:
    - what profit give me WFG if I use it at home?...can I see...only see...detected devices and then trust/distrust them, and next change the network password?...or maybe something more?
    - what profit could give me WFG when I would be away from home?...are there some?
     
  13. addi6584

    addi6584 Registered Member

    Joined:
    Jan 3, 2012
    Posts:
    58
    Location:
    United States
    for home it's not a bad tool to have to see if a device other than something you're familiar with connects to you. ie if you have 3 devices and suddenly a 4th one shows up you can turn off wifi. just kep in mind this isn't fool proof to discover an unauthorized devices has been added for reasons i outlined above

    i dont know if wifi guard will allow you to trust/untrust specific devices, i havent tried the ap

    most people dont set up an AP away form home but instead connect to someone elses network (a hotel for example). wifi guard doesn't apply in that situation.
     
  14. BrandiCandi

    BrandiCandi Guest

    Others have answered the first part, I'll summarize. It's intrusion DETECTION, not intrusion PREVENTION.

    Regarding the second question, if it's not your wifi network then you shouldn't care what devices are connected to it. On a public wifi network you should blanketly distrust all other connected devices anyway. The only time I would see it useful is if you were sharing your own wifi connection with other computers. This tool is for the owner of the wifi network.
     
  15. ichito

    ichito Registered Member

    Joined:
    Jan 14, 2011
    Posts:
    1,486
    Location:
    Poland - Cracow
    Good conclusions and confirm my earlier doubts and speculations...thanks all :thumb:
     
  16. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Well I don't see any point to this if you use MAC protection!

    So if you're rotuer has MAC authentication enabled so only those on the MAC list can gain access and others closed out, I'd really like to know how someone is going to by pass this and gain access?
     
  17. snerd

    snerd Registered Member

    Joined:
    Dec 8, 2007
    Posts:
    71
    Location:
    U.S.A.
    I'm not smart enough to tell you why or how, but spoofing a MAC address is supposedly easy for some folks.
     
  18. BrandiCandi

    BrandiCandi Guest

    Exactly. It takes one line in the terminal to change your MAC address.
     
  19. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    Sorry if this is a stupid question, but how would an attacker know which MAC address he needs to change his to, in order to gain access to my protected AP? Unless he had physical access to my laptop (the only wireless device in the household) i assume he can't just guess its MAC address.

    I'm having a hard time trusting my wireless is actually secure even with WPS disabled, a very strong WPA2 password and MAC filtering enforced. I get a weird itch to check the logs every now and then.
     
  20. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    If I'm correct MAC adress is sent in plain text when connecting to a network, so an attacker could sniff the MAC if he waits long enough, but I'll let others confirm it.
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
  22. rottenbanana

    rottenbanana Registered Member

    Joined:
    Jul 25, 2008
    Posts:
    51
    Location:
    -30?C
    It's that easy huh? :blink: Even someone with my modest skills could do that.

    They still face WPA2 encryption even with a spoofed MAC, though. Better hope a 20-digit 108-bit pass is good enough. Thanks for the info.
     
  23. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Thats correct main line of defense is WPA2 the rest (MAC, visibility, etc) is just cosmetics easily bypassable.
     
Thread Status:
Not open for further replies.