2016-11-27

Introducing wiconn: A text-based 802.11 wireless network manager for OpenBSD

When I switched back to OpenBSD as my primary daily-use operating system back in 2011, my biggest complaint was the lack of an easy-to-use tool for managing wireless networks. I only used maybe two or three different wireless networks daily. I just used a few shell scripts that statically configured the network card for each of these environments. Any time I'd go somewhere else, though, it would be a pain to manually configure it.

Almost exactly five years ago, I did something about it, and I called it wiconn.sh. Since I already had one-off scripts for my home and office networks, Wiconn started as a script to display open networks. It would display only the open ones and prompt me for an SSID, and it could remember the BSSIDs (MAC addresses) of open networks I used, to protect me from things like my own Evil WiFi setup and other "evil twin" style wireless attacks.
That first version looked something like this:


Wiconn evolved over time. By late 2012, I'd given it a bunch of features and made the interface look nicer. All SSIDs were being listed with color-coded backgrounds for the network you're connected to, and open networks. Visually, it hasn't changed much since 2012. This is how Wiconn looks today:
https://github.com/n0xa/wiconn

Over this long holiday weekend, I finally got it to a place where I feel like sharing it. Since it's already in the garage for maintenance, I figured I might as well put wiconn on GitHub.

Features:
  • Written primarily in Bourne shell (/bin/sh)
  • No dependencies: Relies only on the OpenBSD base distribution
  • Built-in protection from common wireless attacks
  • Easily connect to saved networks with one command (no scanning or prompt)
  • 2-Clause Simplified BSD license

There's still some more work to do. I'd like to have it detect that one of your saved networks is in the list and ask if you'd like to join it. I'm also using NetBSD a bit more, and feel like there might be a way to make it work well on both OpenBSD and NetBSD from the same codebase, despite small differences in command syntax and output format between them.

Anyhow, for the growing number of folks who are giving OpenBSD a shot lately, I thought I'd share. Feedback is welcome, and more information is available through the documentation via GitHub.

n0xa/wiconn on GitHub
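
The BSSID memory described above (remembering the BSSIDs of open networks as a guard against "evil twin" access points), sketched in POSIX sh as an added example. This is not wiconn's own code; the saved-network file format, the function names and the sample scan lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not wiconn's code): pin the BSSID of open networks you have
# joined and flag a scan result that reuses a saved SSID with another BSSID.
# Assumed saved-network file format: one "bssid ssid" pair per line, lowercase.

# Turn scan lines into "bssid ssid" pairs. The line layout
# (nwid NAME chan N bssid MAC ...) is modelled on `ifconfig <if> scan`.
parse_scan() {
    sed -n \
      -e 's/^[[:space:]]*nwid "\([^"]*\)" chan [0-9]* bssid \([0-9A-Fa-f:]\{17\}\).*/\2 \1/p' \
      -e 's/^[[:space:]]*nwid \([^" ][^ ]*\) chan [0-9]* bssid \([0-9A-Fa-f:]\{17\}\).*/\2 \1/p'
}

# verdict FILE SSID BSSID -> prints known | new | MISMATCH
verdict() {
    b=$(printf '%s' "$3" | tr 'A-F' 'a-f')   # compare BSSIDs case-insensitively
    seen=0
    while read -r kb ks; do
        if [ "$ks" = "$2" ]; then
            seen=1
            # An SSID may be saved under several BSSIDs; any match is enough.
            if [ "$kb" = "$b" ]; then echo known; return 0; fi
        fi
    done < "$1"
    # Saved SSID announced by an unsaved BSSID: possible evil twin.
    if [ "$seen" -eq 1 ]; then echo MISMATCH; else echo new; fi
}

# check_scan FILE < scan-output -> one "verdict bssid ssid" line per network
check_scan() {
    parse_scan | while read -r bssid ssid; do
        printf '%s %s %s\n' "$(verdict "$1" "$ssid" "$bssid")" "$bssid" "$ssid"
    done
}

# Constructed sample data: one saved open network and three scan results.
KNOWN=$(mktemp)
trap 'rm -f "$KNOWN"' EXIT
printf '%s\n' '00:11:22:33:44:55 Coffee Shop' > "$KNOWN"
SCAN='        nwid "Coffee Shop" chan 6 bssid 00:11:22:33:44:55 -48dBm HT-MCS7 short_slottime
        nwid "Coffee Shop" chan 11 bssid 66:77:88:99:AA:BB -30dBm HT-MCS7 short_slottime
        nwid Library chan 1 bssid 00:de:ad:be:ef:01 -70dBm HT-MCS15 short_slottime'
printf '%s\n' "$SCAN" | check_scan "$KNOWN"
```

A MISMATCH line means a saved SSID is being announced by a BSSID that was never saved for it, which is the condition to stop and ask the user about rather than join automatically.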

2016-11-19

PoisonTap FUD

UPDATE 2016-11-20 16:30 UTC: 
There's been a bunch of discussion on Twitter -- enough to make me re-evaluate my testing environment, and as Samy himself pointed out, reports through the GitHub project that it's working as expected for some people. I really wanted to see this work, and I still do. I'll post a separate follow-up and link to it at the end of this post when I get time to work out all the kinks.

Everyone freaked out this week when Samy released PoisonTap, a set of scripts that weaponizes a Raspberry Pi Zero to act like a network interface. It's loaded with a few JavaScript bits to become the default route and DNS server, then serve up cache-poisoned versions of websites in the background. It's billed as being able to hijack computers even if they're locked, as long as a browser is running in the background and has one of many targeted websites open.

My first thought? "This is completely unfair and evil. I LOVE IT!" Last night, I started the process of laying a fresh Raspbian Jessie Lite image out for my Raspberry Pi Zero. This morning, play-time began.



The first victim was, of course, OpenBSD. I happen to know that OpenBSD won't simply get a DHCP address and start using any random USB network interface you plug into it. You'd have to at least manually run dhclient first. OpenBSD is not vulnerable. The interface doesn't get an address, so it can't hijack our network traffic.



Certainly, Ubuntu would be vulnerable though, what with all its systemd and NetworkManager user-convenience-uber-alles, right? As expected, NetworkManager displays a notification for a few seconds, and voila, we have an IP address from DHCP for what appears to be a new wired ethernet interface. Certainly Ubuntu will prefer this wired hard-line over the wireless I'm using in this laptop.

Nope. It doesn't hijack anything, but it's got some potential.


What about Windows? It's a non-starter. It can't even find a working driver.

A lot of the screenshots from the PoisonTap page seem to be from Mac OS X. So let's try it with my personal (still admin-capable) user account on my work laptop running OS X Sierra.

I'm sensing a pattern here.

I also tried on a few other systems I had kicking around at home, such as Arch Linux on my Raspberry Pi Zero Lapdock. The results were the same across the board: By default, very few systems even ask PoisonTap for a DHCP address without any user interaction, and none of them choose it as the default route or DNS server.

There may be certain configurations or cases where PoisonTap works like magic, but I couldn't find any solid examples in my lab at home. Most people shouldn't be scared of PoisonTap.

I'm calling FUD