Picture frame with Wireless Intrusion Detection System (WIDS) functionality (O2 Joggler & Kismet)

What’s this? Someone is powering on a wireless router with the same SSID as my home network! Are they hoping I’ll accidentally connect to their wifi so that they can sniff my traffic? Outrageous!

Thankfully, my digital picture frame is standing by to alert me to the fact 🙂


The IDS digital picture frame

So what I have here is an O2 Joggler device. Its main job in my home is to display a photo slideshow. However, running in the background is Kismet – a Wireless Intrusion Detection System. When an IDS signature is triggered, the display changes to notify me of the fact (see video), and – optionally – an alarm is sounded. Tapping on the screen will then take me to the Kismet user interface so that I can learn more about the nature of the alert (see below).

Kismet alert

How the magic happens

The hardware in question is a touchscreen device resembling a digital picture frame, with USB and wifi. One of the very nice things about the Joggler is that you can run custom operating systems from an external flash drive. In this instance, I have chosen a pre-configured Xubuntu 12.04 LTS distribution by Jools Willis.

The next step is to install Kismet. This can be done by adding the Kismet repository to /etc/apt/sources.list and running sudo apt-get update && sudo apt-get install kismet. Check out the website for detailed installation and configuration instructions. I also installed SoX for playing audio.

I found Kismet to be unusable with the default wireless driver in the Xubuntu image, so I switched drivers with much better results. I did this by modifying /etc/modprobe.d/joggler.conf to show:

#blacklist rt2800usb
blacklist rt2870sta

Here’s what I put in the capture source line from /etc/kismet/kismet.conf :

ncsource=wlan0:type=rt2800usb

To display the photos, I used the screensaver that comes with Xubuntu (XScreenSaver) and chose the GLSlideshow option, configuring it to point at my pictures folder. The “IDS Alert!” text comes courtesy of the GLText option in XScreenSaver.

The trick I found for getting Kismet to make use of XScreenSaver was through the Kismet client setting for customising the path to the sound-playing binary (the soundbin option in /home/joggler/.kismet/kismet_ui.conf). Rather than putting the path to the play executable, I set the path to a custom script. This script sets the screensaver to GLText before playing the audio. So, if Kismet tries to play a sound, it will first set the screensaver to “IDS Alert!”. Here’s the script I used:

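#!/bin/bash
# Switch the screensaver to GLText ("IDS Alert!"), then play the sound file Kismet passed in.
xscreensaver-command -select 98
# Quote the argument so a path containing spaces is passed to play intact.
play "$1"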

And here’s a script to reset the screensaver to use GLSlideshow once you’ve checked out the alert:

#!/bin/bash
# Switch the screensaver back to GLSlideshow.
xscreensaver-command -select 143
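The soundbin wrapper above changes the display for every sound the Kismet client plays, and once the screensaver is reset nothing records that an alert fired. The following variant is an added example, not part of the original post: it raises the on-screen alert only for alert sounds and appends each trigger to a log. The log path, the "alert*" file-name match and the ALERT_HACK and LOG_FILE variable names are assumptions; 98 is the GLText index from the post.

```shell
#!/bin/bash
# Added example (not from the original post): soundbin wrapper that shows
# "IDS Alert!" only for alert sounds and keeps a timestamped record.
# Assumptions: log location, the alert* file-name match, variable names.

ALERT_HACK="${ALERT_HACK:-98}"    # GLText index used in the post
LOG_FILE="${LOG_FILE:-$HOME/.kismet/ids-alerts.log}"

# Return 0 when the requested sound file looks like an alert sound.
is_alert_sound() {
    case "${1##*/}" in
        alert*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Append one line per alert so the event survives a screensaver reset.
log_alert() {
    mkdir -p "${LOG_FILE%/*}"
    printf '%s IDS alert sound=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" >> "$LOG_FILE"
}

# Entry point: $1 is the sound file path passed by the Kismet client.
handle_sound() {
    if is_alert_sound "$1"; then
        log_alert "$1"
        # Change the display even if audio playback fails afterwards.
        xscreensaver-command -select "$ALERT_HACK" >/dev/null 2>&1 || true
    fi
    # Play the sound only if the file is readable; never fail the caller.
    [ -r "$1" ] && play -q "$1"
    return 0
}

# Run only when Kismet supplies a sound file argument.
if [ "$#" -gt 0 ]; then
    handle_sound "$1"
fi
```
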

I’ve had to disable Kismet’s ADHOCCONFLICT alert as it was getting triggered all the time, I suspect due to either hardware or driver issues – I need to investigate this further. I’ve run Kismet on other devices at the same time and not seen the alert.
