Discussion in 'other firewalls' started by Pinga, Dec 2, 2012.
Looks to be an interesting tool and free
It has a Linux version too!
Interesting. Looks to be pretty simple- it probably does a periodic nmap scan and then emails you if you have new devices attach.
If you use this, don't forget that the Wii/Xbox/etc. will attach to wifi. My Wii attaches with a seemingly random name like fjir493qu8jjnv, which makes identifying it difficult.
If you save it to the list as a "known" device, it saves the MAC address and not the name. Look in the file: "WiFiGuard.xml"
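The approach guessed at in the posts above (scan, compare each MAC against a saved list of known devices, alert on anything new), as an added example that is not part of the thread and not SoftPerfect's code. It assumes `ip neigh`-style input; the sample table, the `KNOWN` list and all function names are constructed for illustration, and the "known MAC on several IPs" flag is only a heuristic.

```python
import re

# Constructed sample: `ip neigh`-style neighbour table (not real devices).
SAMPLE_NEIGH = """\
192.168.1.10 dev wlan0 lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.1.11 dev wlan0 lladdr 00:1f:32:aa:bb:cc STALE
192.168.1.23 dev wlan0 lladdr da:a1:19:44:55:66 REACHABLE
192.168.1.42 dev wlan0 lladdr 3c:22:fb:10:20:30 REACHABLE
192.168.1.50 dev wlan0 FAILED
"""

# Hypothetical "known devices" list, keyed by MAC rather than by hostname.
KNOWN = {"3c:22:fb:10:20:30": "laptop", "00:1f:32:aa:bb:cc": "wii"}

LINE_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-fA-F:]{17}) (\S+)$")

def parse_neigh(text):
    """Return {mac: {ip, ...}} for entries that resolved to a MAC."""
    seen = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(3) == "FAILED":
            continue  # unresolved entries carry no MAC
        seen.setdefault(m.group(2).lower(), set()).add(m.group(1))
    return seen

def is_locally_administered(mac):
    """Bit 0x02 of the first octet set: not a vendor-assigned address."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def audit(text, known):
    """Flag MACs missing from the known list, and known MACs on several IPs."""
    findings = []
    for mac, ips in sorted(parse_neigh(text).items()):
        if mac not in known:
            kind = "unknown-randomized" if is_locally_administered(mac) else "unknown"
            findings.append((kind, mac, sorted(ips)))
        elif len(ips) > 1:
            # Heuristic only: may be a stale lease, may be a cloned MAC.
            findings.append(("known-mac-multiple-ips", mac, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NEIGH, KNOWN):
        print(finding)
```

A MAC-keyed list like this cannot tell a cloned address from the real device when only one of them is on the network at a time, so an empty result shows only that no unfamiliar address was seen.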
run airodump-ng and you can see the MACs of clients connected to an ap. lord help us if someday you can disconnect a client and spoof a mac to get around that mac whitelist.
either way, not a bad tool to have
Pinga, thanks for posting - very useful. I have a home network with 3 pc's and this is something I had wished for repeatedly. Appreciate the link.
Interesting...but a little bit useless. A few days ago I corresponded with Andrew Kotov (SoftPerfect Research support service) and asked him whether it is possible to block untrusted devices and in this way deny them access to our machine...unfortunately NO. A similar feature, but with blocking access, we have e.g. in Online Armor in the tabs "Interfaces" and "Computers List" in the firewall module. I also asked about blocking like in PeerBlock, where we have the IP address of the blocked connection...in WFG we have so...no answer yet but I hope maybe will be?
At this time WFG is an app something like a "reputation tool"...nothing more...it's a pity.
Well you can not block a wifi signal and this tool is not about blocking, but to let you know, if something is wrong, so you take actions to fix it, like to change a password. It is actually better, because if there is a blocking tool, a hacker would always find a way around it, but a passive scanning tool is a non-intrusive way, which he could overlook.
OK..thanks for your explanation, but I expected that this tool would be much more useful...at this time, as I see it, it's useful only at home, office, work and only when you have your "own" network with one or more known devices and only when you have access to change the password. But what about your school...study...travel...where you want to use your own device but you have no impact on the settings of the network? I expect that you will see many devices, but what next? What will the consequences be if you trust or distrust some device? What will happen?
If you're bringing an AP with you to set up a network while traveling, just make sure you can specify in advance which macs can connect. If your AP doesn't support this, get a new AP. It eventually becomes logistically impossible to assign access based on mac w/ large networks, thus reducing protection to just keys.
obviously, on a home or work network that's not enormous (or has wifi devices cleared by an IT dept) your dhcp server should be assigning ips based on mac address anyway, denying everything else while using WPA2 keys. keep in mind it's still possible to crack/strip the keys, disconnect a client, spoof the mac and connect, but the time involved is longer vs other methods.
whatever you do, do NOT use an AP that has WPS enabled bc cracking the thing is trivial.
when in doubt, never use wifi.
Hmm...I probably didn't expect such an answer. Maybe I'll try another way:
- what profit does WFG give me if I use it at home?...can I see...only see...detected devices and then trust/distrust them, and next change the network password?...or maybe something more?
- what profit could WFG give me when I am away from home?...is there any?
for home it's not a bad tool to have to see if a device other than something you're familiar with connects to you. ie if you have 3 devices and suddenly a 4th one shows up you can turn off wifi. just keep in mind this isn't foolproof for discovering that an unauthorized device has been added, for reasons i outlined above
i don't know if wifi guard will allow you to trust/untrust specific devices, i haven't tried the ap
most people don't set up an AP away from home but instead connect to someone else's network (a hotel for example). wifi guard doesn't apply in that situation.
Others have answered the first part, I'll summarize. It's intrusion DETECTION, not intrusion PREVENTION.
Regarding the second question, if it's not your wifi network then you shouldn't care what devices are connected to it. On a public wifi network you should blanketly distrust all other connected devices anyway. The only time I would see it useful is if you were sharing your own wifi connection with other computers. This tool is for the owner of the wifi network.
Good conclusions, and they confirm my earlier doubts and speculations...thanks all
Well I don't see any point to this if you use MAC protection!
So if your router has MAC authentication enabled so only those on the MAC list can gain access and others are closed out, I'd really like to know how someone is going to bypass this and gain access?
I'm not smart enough to tell you why or how, but spoofing a MAC address is supposedly easy for some folks.
Exactly. It takes one line in the terminal to change your MAC address.
Sorry if this is a stupid question, but how would an attacker know which MAC address he needs to change his to, in order to gain access to my protected AP? Unless he had physical access to my laptop (the only wireless device in the household) I assume he can't just guess its MAC address.
I'm having a hard time trusting my wireless is actually secure even with WPS disabled, a very strong WPA2 password and MAC filtering enforced. I get a weird itch to check the logs every now and then.
If I'm correct, the MAC address is sent in plain text when connecting to a network, so an attacker could sniff the MAC if he waits long enough, but I'll let others confirm it.
Easy reading here:
It's that easy huh? Even someone with my modest skills could do that.
They still face WPA2 encryption even with a spoofed MAC, though. Better hope a 20-digit 108-bit pass is good enough. Thanks for the info.
That's correct: the main line of defense is WPA2; the rest (MAC, visibility, etc.) is just cosmetics, easily bypassable.