BSD & *nix, CS778, Hobbies

Kali Linux as personal WIDS and Internet Gateway on Raspi

By

Hardware needs :

1. Raspberry Pi Type B
2. WiPi – http://www.newark.com/element14/wipi/unknown/dp/07W8938
3. Ethernet Cross over cable

Instructions :

1. Install KALI linux on raspi http://docs.kali.org/armel-armhf/install-kali-linux-arm-raspberry-pi

2. The first attempt of Kali linux installation on Raspi was failed to identify my WiPi USB dongle

3. To solve this problem we need update the Raspi firmware and reinstall the OS. Please follow this instruction https://github.com/Hexxeh/rpi-update.

4. Software needs on my Raspi :

a. DHCPD
b. iptables for routing
c. Wireless Tools for scanning
d. aircrack-ng suite
e. python-scapy
f. python-pip
g. GNTP – Growl Notification Transport Protocol

5. This is the design looks like :

 

testbed

6. The methodology :

The Raspi will use Kali Linux ARM and will have 2 interfaces eth0 and wlan0. The ethernet interface will be the LAN and connected to the Client PC. Wireless interface wlan0 will be the WAN interface and connected to the local AP that provide the internet. Raspi will act as internet gateway and also the Wireless IDS. For the time being this WIDS only will detect de-authentication attacks. I’ll use airmon-ng to set wlan0 on monitor mode and to use scapy to detect de-authentication packet from the Wireless Network. Once it’s detect the attacks, GNTP will send the notice on the client as depicted :

detected

7. DHCPD installation / configuration

apt-get install isc-dhcp-server

This is my dhcpd.conf looks like :

subnet 192.168.2.0 netmask 255.255.255.0 {

range 192.168.2.100 192.168.2.150;

option broadcast-address 192.168.2.255;

option routers 192.168.2.1;

default-lease-time 600;

max-lease-time 7200;

option domain-name “local”;

option domain-name-servers 8.8.8.8, 8.8.4.4;

}

Make it enable on boot :
update-rc.d isc-dhcp-server enable

Start the service :

/etc/init.d/isc-dhcp-server start

8. Setting up routing :
Before that we needs to configure static IP for this box.

This is how my /etc/network/interfaces looks like :

auto lo

iface lo inet loopback

auto eth0

iface eth0 inet static

address 192.168.2.1

netmask 255.255.255.0

network 192.168.2.0

broadcast 192.168.2.255

#gateway 192.168.1.1

allow-hotplug wlan0

iface wlan0 inet dhcp

wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

Set postrouting for wlan0

iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Setting ip forward on /etc/sysctl.conf

net.ipv4.ip_forward=1


9. Install wireless tools

apt-get install wireless-tools

Setup wireless wpa_supplicants as mentioned on /etc/network/interfaces

network={

ssid=”SSID-name”

psk=”passphrase”

proto=RSN

key_mgmt=WPA-PSK

pairwise=CCMP TKIP

}

10. aircrack-suite is already intalled on KALI Linux 🙂

11. Install python-scapy :

apt-get install python-scapy

12. Install python-pip

apt-get install python-pip

13. Install GNTP

pip install gntp

 

Thanks to Ajay Yadav for WIDS code 🙂

This article was written by matn0t.