WLAN-FORBIDDER
 


    The WLAN-FORBIDDER system captures and decodes wireless packets. It also prevents and denies (cuts off) illegal wireless connections. The W-DETECTIVE subsystem of WLAN-FORBIDDER can scan and capture the communications between a wireless station (STA) and an access point (AP), and decode the captured raw data (wireless packets) to application layer format according to the communication protocol. The WLAN-FORBIDDER subsystem of WLAN-FORBIDDER identifies unauthorized APs and denies any wireless connection between a wireless STA and an unauthorized AP.
 
    The WLAN-FORBIDDER system can prevent and deny wireless STAs inside a company from connecting illegally (without authorization) to an AP that does not belong to, or is not authorized by, the company, whether the AP resides inside or outside the company area. WLAN-FORBIDDER can scan the wireless signals in the air, locate unauthorized APs, capture, analyze, and decode the information sent and received by the unauthorized APs, and prevent the company's STAs from connecting to them. It therefore prevents leakage of company confidential information.
 
    WLAN-FORBIDDER uses a wireless network card to capture the wireless signals and information transferred through the air, and the positioner of WLAN-FORBIDDER identifies the orientation of the STA and AP. The interpreter of WLAN-FORBIDDER decodes the communication protocol between the STA and AP. WLAN-FORBIDDER can be connected to the Decision Computer E-Detective product for information exchange and a configured database, becoming an integrated system for capturing and decoding information in both wireless and wired surveillance.
 
WLAN-FORBIDDER
The WLAN-FORBIDDER subsystem can analyze and identify whether a wireless STA has connected to a wireless network (AP) illegally, and will deny or cut off the illegal connection. The following are the specifications of WLAN-FORBIDDER:
 
  • Analyze illegal wireless connections across the wireless standards 802.11, 802.11a, 802.11b and 802.11g.

  • Provide functions to register legal (authorized) APs and to delete registered APs.

  • Analyze MAC addresses and IP addresses, including fake MAC addresses and fake IP addresses.

  • Provide at least two directional antennas, which can quickly find the direction and approximate location of the source wireless device; at the same time the equipment provides wireless internet coverage/connection over a range of 10-50 meters.

  • Provide Wired Equivalent Privacy (WEP) decryption software. If the WEP key is known in advance, the system can decrypt the captured raw data to application layer format in real time while capturing and recording. For captured data with an unknown WEP key, the system has to capture enough raw data and manually/automatically crack the WEP key.

  • Identify the targeted wireless station, the AP it is connected to, and the location of the wireless workstation.

  • Provide an optional interface through which the system manager can set the ESSID, BSSID, IP and timing alternation.

  • Identify the location of the unauthorized AP.

  • When the wireless workstation connects legally and successfully to the AP, all communication information can be captured and decoded by WLAN-FORBIDDER.

  • When any wireless station is detected connecting to a rogue AP, the system issues a warning message to the administrator, starts capturing and decoding, and forbids and cuts off the connection according to the predefined rules.

  • To prevent an illegal connection, the system can act as the STA that is illegally communicating with the AP and inform the unauthorized AP to stop or cut off the connection. Emitting noise signals to the STA and/or AP is another method of preventing an illegal connection.
 

W-DETECTIVE
The W-DETECTIVE subsystem has the following functions: wireless packet capturing, wireless packet decoding and information retrieval, and exporting of collected information. Below are the specifications of W-DETECTIVE:

 
Wireless Packet Capturing
  • Scan and capture wireless packets of the standards 802.11, 802.11a, 802.11b and 802.11g.

  • Provide at least two directional antennas, which can quickly find the direction and approximate location of the source wireless device; at the same time the equipment provides wireless internet coverage/connection over a range of 10-50 meters.

  • Store raw data files in tcpdump format. Raw data files can be split and stored according to date, time, and file size.

  • The raw data file is captured in standard tcpdump format, which can easily be read and analyzed by packet analyzer software such as Ethereal.

  • Allow the user to burn the raw data file to CD-ROM and DVD.

Wireless Packets Decoding and Information Retrieving

  • Provide a retrieval function for captured raw data.

  • Import raw data files in tcpdump format into the system and decode them.

  • Provide Wired Equivalent Privacy (WEP) decryption software. If the WEP key is known in advance, the system can decrypt the captured raw data to application layer format in real time while capturing and recording. For captured data with an unknown WEP key, the system has to capture enough raw data and manually/automatically crack the WEP key.

  • Allow the user to set filtering conditions as required, including MAC address, port number, source and destination address, and username or account name for email, Instant Message (IM), etc.

  • Decode the following communication protocols to application layer format with real content, IP address, date and time, etc.:

    • HTTP: Includes all browsed Web pages, and the sender and receiver addresses of Web Mail (YAHOO, Hotmail, Hinet, Seednet, URL, PCHome, Sina, Yam) and attachments.

    • POP3/SMTP: Sender and receiver user accounts (usernames), passwords, content (including the header part) and attachments.

    • FTP: Account name (username) and password, original upload and download files.

    • TELNET: Account name (username) and password.

    • Instant Messages: Includes MSN 5.0, 6.0, 6.1, YAHOO Messenger, ICQ, QQ, AOL Messenger, etc. One-to-one conversations or multi-party chat contents, and file transfers.

    • MSN and YAHOO VOIP/Webcam: Voice and video communication contents, and source and destination addresses.

    • Other communication protocols: Analyzed and decoded by communication port classification.

  • After the raw data is decoded, application layer information can be retrieved with search conditions on IP, date and time, type of communication, and communication content; the search can even cover the contents of email attachments, files uploaded to and downloaded from FTP, and files transferred over IM. The search string is highlighted in the retrieved results.

  • Warning function: When the system detects any predefined violation condition, it sends a message and email to the administrator and user.

Exporting Collected Information
  • The decoded application layer information can be searched by IP, date and time, type of communication, content of communication, and the results can be exported for further applications.

  • Every search result can be exported to a single directory that includes the raw data and the application layer contents.

  • Exported information is in .iso format and can be burned to CD-ROM and/or DVD.

The System Specifications
  • Provide a mobile package so that the system can be carried around inside the company and carried in a moving car.

  • The system has a firewall function to protect against attacks from outside. It also provides access capability.

  • Users can remotely access and control the system.

  • Users can use a web browser to explore the decoded results.

  • Can record and analyze raw data files in Ethereal format.

  • Operating languages: Traditional Chinese, Simplified Chinese, English and other languages.

  • Can connect to the E-Detective product for information exchange and a configured database, becoming an integrated system for capturing and decoding information in both wireless and wired surveillance.