Hackers of India

ANWI (All New Wireless IDS): The $5 WIDS

By  Rishikesh Bhide   Sanket Karpe  on 08 Aug 2018 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
ANWI

Abstract

ANWI is a new type of Wireless Intrusion Detection System which is based on a low cost WiFi module (ESP8266) and can be deployed at physical perimeter of the coverage area. It allows organizations which can’t afford expensive WIDS solutions to protect their networks at fraction of the cost involved.

ANWI provides three layers of protection: Detect the most commonly used WiFi attacks including Evil Twin, Jamming using de-authentication frames, attacks conducted using commonly used WiFi attack frameworks Block unauthorized WiFi Access Points created in organization premises Secure organizations AP by performing WiFi Geo-Fencing to prevent access outside of designated perimeter

ANWI supports standalone as well as managed mode for sending alerts. It also has ability to use separate radio for sending alerts as added resiliency.ANWI aims to fulfill the need of WIDS which is inexpensive yet can protect against most of the possible attacks. It is easy to setup and deploy and works on “fire and forget principle”. Once the sensors have been configured they can be deployed across the perimeter. The sensors send heartbeat signal and in case any of the sensors goes offline an alert is generated by server. The current production version includes all the above features.