IJRIT International Journal of Research in Information Technology, Volume 2, Issue 4, April 2014, Pg: 232- 238

International Journal of Research in Information Technology (IJRIT) www.ijrit.com

ISSN 2001-5569

Rogue Access Point Detection and Counter Attack Using Internet Proxy

Miss. Gaikwad Jyoti, Miss. Mandhare Ashvini, Miss. Garad Ashwini, Prof. Kiran Deshpande

Dept. of Computer Engineering, Institute Of Knowledge College Of Engineering, Pune, India

IOKCOE Pimple Jagtap, Pune India


Abstract

Rogue devices are an increasingly dangerous reality in the insider threat problem domain. Industry, government, and academia need to be aware of this problem and promote state-of-the-art detection methods. Rogue access points, if undetected, can be an open door to sensitive information on the network. Many data raiders have taken advantage of the undetected rogue access points in enterprises to not only get free Internet access, but also to view confidential information. Most of the current solutions to detect rogue access points are not automated and are dependent on a specific wireless technology. In this paper, we present a rogue access point detection approach. The approach is an automated solution which can be installed on any router at the edge of a network. The main premise of our approach is to distinguish authorized WLAN hosts from unauthorized WLAN hosts connected to rogue access points by analyzing traffic characteristics at the edge of a network. Simulation results verify the effectiveness of our approach in detecting rogue access points in a heterogeneous network comprised of wireless and wired subnets. Rogue access point detection is a two-step process, starting with discovering the presence of an access point in the network and then proceeding to identify whether it is a rogue or not.

Keywords: UAP, Sniffer, UUID (Unique User Identification), RAP (Rogue Access Point)

1. Introduction

Rogue devices are an increasingly dangerous reality in the insider threat problem domain. Industry, government, and academia need to be aware of this problem and promote state-of-the-art detection methods. Our project aims:
• To detect rogue access points
• To avoid confidential information leakage

Rogue access points, if undetected, can be an open door to sensitive information on the network. Many data raiders have taken advantage of the undetected rogue access points in enterprises to not only get free Internet access, but also to view confidential information.

1.1 Problem Statement

Most of the current solutions to detect rogue access points are not automated and are dependent on a specific wireless technology. In this project, we present a rogue access point detection and elimination approach.

Miss. Gaikwad Jyoti, IJRIT


1.3 Motivation

This methodology has the following outstanding properties:
• It doesn’t require any specialized hardware.
• The proposed algorithm detects and completely eliminates the UAPs from the network.
• It provides a cost-effective solution.

Because there are multiple master agents, the possibility of network congestion or delays is reduced. The proposed technique can block UAPs as well as remove them from the networks both in form of Unauthorized APs.

1.4 Approach
• The approach is an automated solution which can be installed on any router at the edge of a network. The main premise of our approach is to distinguish authorized WLAN hosts from unauthorized WLAN hosts connected to rogue access points by analyzing traffic characteristics at the edge of a network.
• Here the agent-based approach is presented not only to detect the rogue access points but also to eliminate them from the wireless networks efficiently and with minimum cost involvement.

1.5 Result
• Simulation results verify the effectiveness of our approach in detecting rogue access points in a heterogeneous network comprised of wireless and wired subnets.
• It generates a UUID individually for each machine to protect the machine from hackers.
• The problem of MAC address spoofing is eliminated.

2. Literature Review

The literature survey is the most important step in the software development process. Before developing the tool it is necessary to determine the time factor, economy and company strength. Once these things are satisfied, the next step is to determine which operating system and language can be used for developing the tool. Once the programmers start building the tool, they need a lot of external support. This support can be obtained from senior programmers, from books or from websites. Before building the system, the above considerations are taken into account for developing the proposed system.

The master agent and slave agents are generated automatically, and they act as major components for providing security to wireless networks. These agents continuously scan the networks to capture the rogue access points and eliminate them. This scanning is scheduled based on clock skews, which play an important role.

A new rogue AP detection method addresses this problem. Our solution uses a verifier on the internal wired network to send test traffic towards the wireless edge, and uses wireless sniffers to identify rogue APs that relay the test packets. To quickly sweep all possible rogue APs, the verifier uses a greedy algorithm to schedule the channels for the sniffers to listen to.

Master and slave agents scan the networks for any unauthorized access points automatically, using the skew intervals. We calculate the clock skew of an AP from the IEEE 802.11 Time Synchronization Function (TSF) time stamps sent out in the probe response frames. In this paper we investigate the very recent approaches presented for elimination of fake access points from the wireless network.
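The clock-skew calculation mentioned above can be made concrete with a short added example (not code from this paper or from the works it surveys): it fits a line through the offset between an AP's TSF timestamps and the observer's receive times, then checks the slope against the value enrolled for that AP. The least-squares fit, the 2 ppm tolerance, the function names and the sample frames are all assumptions or constructed values.

```python
# Added example, not the paper's code. Sample frames are constructed.

def clock_skew_ppm(samples):
    """samples: (local_rx_us, tsf_us) pairs captured from one AP's probe responses.
    Returns the AP clock's drift relative to the observer, in parts per million."""
    if len(samples) < 2:
        raise ValueError("need at least two frames")
    t0, tsf0 = samples[0]
    xs = [t - t0 for t, _ in samples]                     # elapsed observer time
    ys = [(tsf - tsf0) - (t - t0) for t, tsf in samples]  # accumulated offset
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxx = sum((x - mx) ** 2 for x in xs)
    if sxx == 0:
        raise ValueError("frames must span a non-zero interval")
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6        # least-squares slope, scaled to ppm


def matches_enrolled(samples, enrolled_ppm, tolerance_ppm=2.0):
    """True if the measured skew lies within the interval around the enrolled
    value (the 2 ppm tolerance is an assumption chosen for this example)."""
    return abs(clock_skew_ppm(samples) - enrolled_ppm) <= tolerance_ppm


def make_frames(skew_ppm, tsf_start, n=50, interval_us=102_400):
    """Constructed capture: n frames with a few microseconds of receive jitter."""
    jitter = [0, 3, -2, 1, -1]
    frames = []
    for i in range(n):
        elapsed = i * interval_us
        tsf = tsf_start + elapsed + round(elapsed * skew_ppm / 1e6) + jitter[i % 5]
        frames.append((1_000_000 + elapsed, tsf))
    return frames


authorized_ap = make_frames(25.0, tsf_start=9_000_000)     # enrolled at 25 ppm
same_mac_other_hw = make_frames(-40.0, tsf_start=123_456)  # same MAC claimed, different clock
```

Because the skew comes from the transmitter's oscillator rather than from a configurable field, a device that copies an authorized AP's MAC and SSID still shows a different slope.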

3. Specific Requirements

Functional Requirement
• Client Application for User Authentication.
• Reverse Proxy Server.
• URL Monitoring Using Proxy Server.
• Filter Application for URL, IPs, Ports, etc.
• Admin / Server Monitoring.

Non-Functional Requirement
• Secure access of confidential data (user’s details).
• High scalability. The solution should be able to accommodate a high number of customers and brokers. Both may be geographically distributed.
• A flexible service-based architecture will be highly desirable for future extension.
• Better component design to get better performance at peak time.

4. Existing System

Most of the current solutions to detect rogue access points are not automated and are dependent on a specific wireless technology. For example, researchers have identified design flaws in WEP, which can be easily exploited to recover secret keys. MAC addresses can also be spoofed by using some techniques.

5. Proposed Method

5.1 System Architecture

5.2 Main Module

Proxy
1. All hosts have to go through the proxy server.
2. The proxy will detect the host's MAC_ID, SSID, IP address, hard disc serial no. and requested port no. as per incoming requests.
3. Host policies and rules are stored in the MySQL database on the proxy server.
4. The proxy will check the host policy and process the request accordingly.
5. The user gets internet access if he is an authorized user, otherwise he gets the error message.
6. Proxy features are:
   a. Allow/Deny Internet Access
   b. Block Incoming/Outgoing Ports
   c. Catch Machine Information
   d. Maintain user login information
   e. Detect Rogue Access Point

Some of the different ways in which IT managers can populate the authorized list are:
• Authorized MAC
• Authorized SSID
• Authorized Vendor
• Authorized Media Type
• Authorized Channel
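The proxy steps and the authorized list above can be sketched as one decision function. This is an added example, not the paper's implementation: the table layout, column names, reason strings and sample rows are hypothetical, and sqlite3 stands in for the MySQL database so the block runs offline.

```python
import sqlite3

# Hypothetical schema and rows (constructed). The page keeps policies in MySQL;
# sqlite3 is a stand-in so the example runs offline.
SCHEMA = """
CREATE TABLE authorized_ap (ap_mac TEXT PRIMARY KEY, ssid TEXT, channel INTEGER);
CREATE TABLE host_policy (mac TEXT PRIMARY KEY, disk_serial TEXT, allow_internet INTEGER);
CREATE TABLE blocked_port (port INTEGER PRIMARY KEY);
INSERT INTO authorized_ap VALUES ('02:00:00:aa:00:01', 'CORP-WLAN', 6);
INSERT INTO host_policy VALUES ('02:00:00:bb:00:10', 'SER-1001', 1);
INSERT INTO host_policy VALUES ('02:00:00:bb:00:11', 'SER-1002', 0);
INSERT INTO blocked_port VALUES (23);
"""

def open_policy_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def decide(db, req):
    """Return (verdict, reason) for one request seen by the proxy."""
    one = lambda sql, *args: db.execute(sql, args).fetchone()
    # 1. The AP the host is attached to must match the authorized list exactly.
    ap = one("SELECT ssid, channel FROM authorized_ap WHERE ap_mac = ?",
             req["ap_mac"].lower())
    if ap != (req["ssid"], req["channel"]):
        return "deny", "rogue-ap"
    # 2. The host must be known, and its MAC must still be paired with the
    #    disk serial recorded for it (a copied MAC alone is not enough).
    host = one("SELECT disk_serial, allow_internet FROM host_policy WHERE mac = ?",
               req["mac"].lower())
    if host is None:
        return "deny", "unknown-host"
    if host[0] != req["disk_serial"]:
        return "deny", "mac-serial-mismatch"
    # 3. Admin rules: per-host allow/deny, then the blocked port list.
    if not host[1]:
        return "deny", "host-denied"
    if one("SELECT 1 FROM blocked_port WHERE port = ?", req["port"]):
        return "deny", "blocked-port"
    return "allow", "ok"

# Constructed request from an authorized host behind the authorized AP.
GOOD = {"mac": "02:00:00:BB:00:10", "disk_serial": "SER-1001", "port": 443,
        "ap_mac": "02:00:00:AA:00:01", "ssid": "CORP-WLAN", "channel": 6}
```

The SSID, AP MAC and disk serial reach the proxy only through the client application, so the decision is only as trustworthy as that client's reporting.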

Proxy Admin
1. Admin can view login details.
2. Admin can define rules for the host and allow/deny them for internet access.
3. Admin can add ports to the incoming/outgoing port list.

Client
1. Login with your credentials.
2. Set the proxy IP and port no. in the browser proxy settings.
3. Hit the web URL to connect to.

6. UML Diagrams

Class Diagram

Data Flow Diagram

Sequence Diagram

7. Future Enhancement

The project may be used in large areas such as:
1. Industry
2. Organization
• More security can be provided

8. Conclusion

In this paper, the proposed system provides a friendly environment. Security is provided. This project is cost-effective. In this project we proposed a system which detects rogue access points and eliminates them. RAP detection is an automated process.
