
Thread: Scanning and Jamming wireless

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Posts
    36

    Scanning and Jamming wireless

    This is a hypothetical and (very much) theoretical idea.

    I was wondering how possible it would be to jam WNICs in, say, a corporation. Let me give you a run down of the theory:

    The APs and laptops/desktops are synced to run through a pattern of channels, 1024 times before it is repeated (perhaps more, if possible). The WNICs run software that allows them to change channels in sync with the APs. They could scan at a rate of 1 channel per 1 or less seconds.

    Meanwhile, AP jammers are running the same pattern, but jamming every channel except the one on which the APs are broadcasting, preventing a would-be hacker from locking onto the channels, and therefore divining the patterns.

    Mind you, this would be on a corporate campus, where the jammers would not interfere with neutral APs.

    I just thought this up after having a few beers and thinking about radio jamming intervention that America invented during WW2. I'm not nearly skilled enough to actually create such a thing, and I've not heard any talk of a system in existence, or the feasibility of such a defense system.

    But, I thought I'd throw it out there for someone with more experience with wireless communication than I to consider.

  2. #2
    Senior Member Thorn
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Hmmm... Thinking of Hedy Lamarr?

    Actually, Frequency Hopping Spread Spectrum (FHSS) is part of the original 802.11 standard. There are 79 individual channels that are only 1 MHz wide. Therefore, the total speed is only 2 MHz. The frequency pattern is predefined. The only major difference from what you're proposing is that there is no counter jamming on the "unused" frequency.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Junior Member
    Join Date
    Feb 2008
    Posts
    36

    Well, I was thinking the full wireless channels. 6, 8, 11, etc. Well aware of how spread spectrum works, but I was hoping APs could do this without breaking connection with clean wireless clients. That is, those people who should have access to the network. There are a few challenges I've thought of. Hopefully I'll remember them tomorrow, so I can dive a little further in depth.

  4. #4
    Junior Member
    Join Date
    Jan 2007
    Posts
    97

    Just one doubt - what is exactly the point in protecting a network in such a way? Frequency-hopping systems designed to impede jamming and/or detection use a very wide range of frequencies (sometimes running all the way from HF to SHF), and have hop patterns that are synced between radios on the net. Some military examples of this are HAVE QUICK, SATURN and SINCGARS.

    In the case of WiFi, you have a limited number of channels on which to hop, which renders the technique almost totally ineffective. On b/g networks, an attacker would need 13 adapters to listen simultaneously on all channels, and some software to piece things together. Alternatively, receivers such as the SDR-14 can take a 30MHz chunk of RF space and process it all at once, with software doing the demodulation and decoding.

    If you want to protect your network, you could for example use 802.1x, and this would not need some very complex development both on router firmware and a PC-based client to do the hopping.

    Cheers,

    Mother
    In God we trust, all others we monitor

  5. #5
    Junior Member MrWrong
    Join Date
    Jan 2008
    Posts
    34

    I'm seeing a problem with this too. You'd be limiting the AP to only 1 client when implementing the jamming asynchronously.

    When doing it synchronously you'd have all kinds of headaches dealing with clock drift, and any synch pulse could be overheard, making it easier to crack.
    Wrong place
    Wrong time
    Wrong woman

  6. #6
    Jenkem Addict imported_wyze
    Join Date
    Jul 2007
    Posts
    1,543

    SINCGARS-like Wifi... would be a lot of fun trying to program the synchronization algorithms
    dd if=/dev/swc666 of=/dev/wyze

  7. #7
    Junior Member
    Join Date
    Feb 2008
    Posts
    36

    It would be a challenge, yes. But we aren't in IT because it's easy, right?

    The idea was more to prevent unauthorized devices from connecting to the network. If the military wanted in, they would probably kick down the door and toss in a flashbang. I'm hoping someone with 13 wireless cards would be spotted setting up shop as well.

    In all honesty, this is more of a "what if" than anything else. I know the channel limit sucks quite a bit, but I like the idea of shutting down all unauthorized WNICs in a given area. Of course, there are more problems, such as:

    Running a jammer for b/g would potentially block other devices that communicate on the 2.4 GHz range, such as cellphones.

    Once the pattern is sniffed out or leaked, a really expensive, difficult to implement jamming system is just a really expensive toy; all the devices and controllers have to be resynced with a different pattern.

    Programs may not like the channel hopping, and packet loss could be high, or disconnects frequent.

    So, yeah, it's not exactly an end all/do all answer, but if it could be somehow streamlined for native implementation, it may be good for an additional layer of protection.

    As far as syncing, what if there was a preamble at intervals that announced the controller's time? Or maybe just a packet with a bit of data in it? That way, if the controller is drifting a few ms off, it can recalibrate on the fly?

    Again, just an idea I was tossing around in my head.
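
The clock-drift problem from post #5 and the time-announcement idea from post #7, worked through as an added example that is not part of the original thread. The pre-shared key, the use of HMAC-SHA256 to derive the hop order, and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

CHANNELS = list(range(1, 14))  # the 13 b/g channels counted in post #4
SLOT_SECONDS = 1.0             # one hop per second, as in the opening post
KEY = b"constructed-demo-key"  # assumption: pre-shared secret (constructed value)


def slot_index(now):
    """Number of the hop slot that contains time `now` (seconds)."""
    return int(now // SLOT_SECONDS)


def channel_for_slot(key, slot):
    """Derive the slot's channel from the key, so the order is not predefined."""
    digest = hmac.new(key, b"hop" + struct.pack(">Q", slot), hashlib.sha256).digest()
    return CHANNELS[int.from_bytes(digest[:8], "big") % len(CHANNELS)]


def make_beacon(key, controller_time):
    """Controller's time announcement: 8-byte timestamp plus an HMAC tag."""
    body = struct.pack(">d", controller_time)
    return body + hmac.new(key, b"time" + body, hashlib.sha256).digest()


class Client:
    def __init__(self, key):
        self.key = key
        self.offset = 0.0  # correction added to the drifting local clock

    def channel(self, local_time):
        return channel_for_slot(self.key, slot_index(local_time + self.offset))

    def resync(self, beacon, local_time):
        """Accept the announced time only if the tag verifies under the key."""
        body, tag = beacon[:8], beacon[8:]
        expected = hmac.new(self.key, b"time" + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted announcement: keep old offset
        self.offset = struct.unpack(">d", body)[0] - local_time
        return True
```

Overhearing the announcement reveals the controller's time but not the key-derived order, although a replayed old announcement would still verify, so a real design would also need a freshness check. As post #4 points out, none of this affects a receiver that listens on all 13 channels at once.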

  8. #8
    Member PeppersGhost
    Join Date
    Jan 2008
    Posts
    204

    Nice idea. However, I think you'll find in the US that jamming anything is illegal. FCC
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

  9. #9
    Moderator theprez98
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Originally posted by GunMonkey:
    "Running a jammer for b/g would potentially block other devices that communicate on the 2.4 GHz range, such as cellphones"

    Cellphones operate in the 850/900/1800/1900 MHz range. Some 3Gs are in the 2.5 GHz range. But there is nothing that I know of in the 2.4 GHz range.

    You might be thinking of Bluetooth.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  10. #10
    Junior Member
    Join Date
    Jan 2007
    Posts
    97

    There are tons of stuff in 2.4GHz, as it's an ISM unlicensed band. You can find Zigbee, Bluetooth, remote controls, cordless phones, medical devices, wireless video cameras, amateur radio TV...it really is a crowded space.

    Cheers,

    Mother
    In God we trust, all others we monitor
