Arduino LAN IP scanner + antihack

Did you see a new gadget or toy and start brimming with ideas? See something that has tons of potential? Discuss these thoughts here.

Arduino LAN IP scanner + antihack

Postby Polisalama » October 7th, 2014, 12:52 pm

Is it possible to make an Arduino network(LAN) scanner (with an appropriate shield) similar to programs such as http://www.nirsoft.net/utils/wireless_n ... tcher.html ? So you can detect unwanted IPs on your network without using a computer.

I am planning to build a system that would detect and contact me when an unauthorized device has connected to my computer(detection of hacking).
Polisalama
 
Posts: 1
Joined: October 7th, 2014, 12:52 pm

Re: Arduino LAN IP scanner + antihack

Postby st2000 » October 7th, 2014, 7:38 pm

You could go about it from the other end ... you could get a router that only allowed known MAC addresses to connect.
st2000
 
Posts: 1454
Joined: February 3rd, 2011, 6:10 pm

Re: Arduino LAN IP scanner + antihack

Postby UndeniablyRexer » October 15th, 2014, 11:46 pm

Is this for your home network, presumably wireless? The only security you really need is WPA2 with a strong password, and to disable WPS.

If you're set on having a dedicated device scanning your network, I would suggest getting a raspberry pi or similar, setting it up with some flavor of *nix, and installing the equivalent of the program you mentioned. This has the added benefit of a complete repository of packages, and a much more user friendly interface.

Doing some research, I highly suggest raspberry pi + http://www.raspbian.org/ + https://www.snort.org/
UndeniablyRexer
 
Posts: 6
Joined: October 15th, 2014, 10:56 pm

Re: Arduino LAN IP scanner + antihack

Postby st2000 » October 16th, 2014, 7:32 am

UndeniablyRexer wrote: https://www.snort.org/


Maybe this is obvious - but after spending 5, maybe 6 minutes on the snort.org page I could not find an explanation. How does the computer hosting the snort.org application "plug into" the network it is monitoring??

I say this because, well, most people use Switches these days. So, any computer hosting snort.org is only going to see packets ment for that computer or broadcast packtets ment for all computers. Any attack specifically targeting another computer would never been seen - the way I understand it.

Given this, I can only think of 1 solution to the OP's question. And that would be to run something like snort.org on the actual switch. I'm thinking the next stop going down this path is to install one of the open source switch/router software packages (like OpenWRT) on an appropriate switch/router box and use it for all traffic in and out of the house. Now you have a box that can see everything and in theory monitor all packets no matter where they are going.

Edit (added later)...

Ug, after all that and now I see you were only interested in the wireless part. And the utility you pointed to is really only listing the connected devices. I don't see any indication that it is looking for malicious behavior:
Wireless Network Watcher is a small utility that scans your wireless network and displays the list of all computers and devices that are currently connected to your network.


Ok, so, do you have an Android phone? If you do, go find "Fing" in the app store and download it. Connect your phone to your WIFI and run Fing. It should go out, search for and list all connected devices. Not only the WIFI but also the LAN connected devices.

---

As for the Arduion, the Atmel processor used in an Arduino Uno is generally not powerful enough to handle all the Ethernet overhead. That's why the Arduino Ethernet shield is so expensive (WRT other shields). It likely has it's own more powerful processor. But if all you are wanting to do is "ping" every possible address (256 of them) on a subnet like "Fling" or "Wireless Network Watcher" ... I believe this is possible. See, this is why we have not been discussing the Arduino - because an Arduino will likely not be able to work fast enough to catch malicious attacks. But pinging address can be done slowly and an Arduino should be able to keep up with that.
st2000
 
Posts: 1454
Joined: February 3rd, 2011, 6:10 pm

Re: Arduino LAN IP scanner + antihack

Postby UndeniablyRexer » October 16th, 2014, 8:56 am

Honestly, I've never used Snort, I just know it's popular tool for what he's trying to do. I like your idea of a switch/router running Snort on top of OpenWRT or similar.

I should mention, though, no one does this. If you're worried about people accessing your wired network, you secure the site. If you're worried about people accessing the wireless network, you use a strong password, WPA2, with no WPS, and you isolated the wired and wireless networks. If you're worried about people breaking into your network from the WAN, you get a firewall with monitoring capabilities. Having a device on your network scanning all packets is somewhat useless without some form of pattern recognition.
UndeniablyRexer
 
Posts: 6
Joined: October 15th, 2014, 10:56 pm

Re: Arduino LAN IP scanner + antihack

Postby Spy007Dj » January 25th, 2016, 9:50 am

Or use Software MyWifi Works Perfect Lan an Wifi. On my system I Run 60 some Computers and it detects any new connection
to the network.
Spy007Dj
 
Posts: 3
Joined: August 13th, 2014, 8:40 am

Re: Arduino LAN IP scanner + antihack

Postby xorpunk » February 16th, 2016, 2:38 pm

Yes it's possible. Grab the ARP table and monitor it at interval..

Doing SYN scan is too delayed and they could just drop packets or patch table with MITM. You COULD do it calculating off subnet mask though. You probably have a class C range.

You better handle IPV6 too..
xorpunk
 
Posts: 6
Joined: September 25th, 2012, 10:07 am

Re: Arduino LAN IP scanner + antihack

Postby ss4925802 » April 5th, 2016, 7:47 am

I agree with the second comment about that ...
ss4925802
 
Posts: 2
Joined: April 5th, 2016, 7:23 am


Return to The new gadget brainstorm pit

Who is online

Users browsing this forum: No registered users and 1 guest