ArubaLabs SDK

Develop software and applications for the AP70 using the ArubaLabs Linux based software development kit.

The Aruba Labs Software Development Kit (SDK) is an embedded Linux development environment for the Aruba AP70 hardware platform.

The ArubaLabs SDK consists of a fully featured embedded Linux operating system with accompanying tool-chain and development tools. It features an extensible scripted package management system called build-root which can handle automated compilation and dynamic patch management.

The SDK is maintained as an overlay to an existing Linux distribution. The ArubaLabs-SDK is available as both the standalone overlay and already applied to the Linux distribution.

The SDK overlay applied to the Linux distribution is available in the release marked 2008.3.1-R1-Kamikaze and is recommended for most users.

Releases

Release	Date
ArubaLabsSDK-Kamikazi-2008-03-R1	2008-03-21

Documentation

Files

Aruba Hybrid Config

Aruba Hybrid Setup

Aruba Image Building

WZC Auto Provision

Command-line tool for Windows XP and Windows Vista for automatically provisioning wireless configurations from XML definitions.

Releases

Release	Date
wzcauto-2008-12-r1	2008-12-16

OpenCapWap

CAPWAP: Control And Provisioning of Wireless Access Points

The CAPWAP protocol (simply called 'CAPWAP' below) is currently under design in the IETF CAPWAP working group. In a nutshell, the protocol is being created to centralize management of wireless access points. There are two basic entities in CAPWAP: the Access Controller (AC), and the Wireless Termination Point (WTP, aka AP). CAPWAP defines the interactions between these two.

More information on the OpenCAPWAP project is available at www.opencapwap.org

Crawdad

Wireless data archiving for analysis and research needs.

CRAWDAD is the Community Resource for Archiving Wireless Data At Dartmouth, a wireless network data resource for the research community. Through CRAWDAD, many wireless network analysis resources are available including wireless data analysis tools and anonymized data traces. This serves as a tremendous resource for the research community, and for evaluating the robustness and stability of new research and analysis mechanisms mining through large sets of collected data.

CRAWDAD is sponsored by the National Science Foundation, Dartmouth College Center for Mobile Computing, Intel Corporation and Aruba Networks.

More information about the CRAWDAD project is available at http://www.crawdad.org.

Bluescanner

BlueScanner is a Bluetooth device discovery and vulnerability assessment tool for Windows XP.

While enterprises have become increasingly aware of the security concerns surrounding 802.11, Bluetooth vulnerabilities have continued to be ignored. With over 1 billion Bluetooth radios being shipped by 2008, organizations are becoming increasingly exposed to the threat associated with Bluetooth devices.

Aruba Networks BlueScanner is provided free of charge under the Aruba Software License. With a Bluetooth adapter, organizations can use BlueScanner to discover Bluetooth devices, their type (phone, computer, keyboard, PDA, etc.), and the services that are advertised by the devices. BlueScanner will identify any discoverable devices within range and record all information that can be gathered from the device, without attempting to authenticating with the remote device. This information includes the device's "human friendly" name, unique address, type, time of discovery, time last seen, and any Service Discovery Protocol (SDP) information provided by the device.

In addition, BlueScanner allows you to add location information to any discovered devices. This can be easily done by specifying a location name before starting a scan. Once the scan has been started, any discovered devices will be tagged with this location name. The location can of course be changed during a scan, and any devices discovered after changing it will be tagged with the new location.

To keep from drowning the user in all the information that BlueScanner collects, the intuitive user interface allows devices to be filtered according to how recently they were last observed, their location, type, and by specific service.

The following is an overview of the types of vulnerabilities and attacks that have been discovered to date and that BlueScanner can help thwart:

• Information Retrieval and Theft of Service; The BlueSnarf attack allows an attacker to covertly retrieve phonebook and calendar entries from a phone, the phone's business card, and even the phone's IMEI (International Mobile Equipment Identity)
• Tracking and Surveillance; The Bluefish tool can be used to constantly scan an area for Bluetooth devices. When a new device is found, the program, coupled with a camera, will capture an image of the area where the device was discovered and store it in a database, associating the image with the device and the time of discovery.
• Denial of Service Attacks; The BlueSmack attack is are similar in nature to the "ping of death" attack that was able to instantly disable Windows 95 machines instantly.
• Rogue Access Points; Just as 802.11 can make use of access points to provide network connectivity, Bluetooth access points can as well. Therefore, a similar exposure is posed by them, namely rogue access points.
• Reconnaissance and Discovery; Tools such as RedFang, BTScanner and BlueSniff allow an attacker to scan through all possible values used for a device's 48bit address and attempt to connect to them. Once a device is found in this manner, it is just as easy to attack as if it were in discoverable mode.

FAQ

Where can I buy a Bluetooth adapter that will work with BlueScanner?

There are many adapters listed on Google's Froogle site. We have had success with these two adapters.

• Targus USB adapter
• IOGear USB adapter

I already have a non-Microsoft driver installed for my Bluetooth adapter. How do I install the Microsoft driver?

The best way to revert to the Microsoft driver is to simply uninstall the Bluetooth driver and stack that is currently installed. You can do this using the Add/Remove Programs control panel. Keep in mind that BlueScanner will only work with Windows XP Service Pack 2.

My phone headset is showing up as active in BlueScanner even though it is turned off.

If you have paired a device with your PC then that device will always show as active in BlueScanner, whether or not the device is present. The reason is that Windows does not distinguish between paired devices and active devices when it returns the result of a scan. This means that BlueScanner can't tell which devices are reporting simply because they are paired.

Releases

Release	Date
bluescanner-1120	2008-04-21

MAP

The MAP project is undergoing development of novel techniques for improving the measurement, analysis and protection of wireless networks.

Our research partners at Dartmouth College have secures funding by the Department of Homeland Security Advanced Research Projects Agency (HSARPA) to develop novel and scalable techniques to Monitor, Analyze and Protect wireless networks. Known as the MAP project, the project team includes researchers, developers, and project managers, with experience in all relevant technical areas.

As a result of this project, Dartmouth College is deploying the MAP architecture throughout the Lebanon, NH campus. Several papers have been published as a result of the research and analysis in the project as well. Additional information on the MAP project can be found in the 2006 Network Computing article by John Cox, and at the Dartmouth College MAP home page.

WiFiDEnum

WiFi Driver Enumeration; wired scanning for driver vulnerability assessment.

WiFiDEnum is the WiFi Driver Enumerator, a Windows tool that assesses wireless driver information on local and remote Windows workstations. Using a database of known wireless vulnerabilities, WiFiDEnum assesses the versions of installed drivers and produces a vulnerability report, identifying systems and specific drivers that are at risk to wireless driver exploit attacks.

WiFiDEnum scans Windows hosts over the infrastructure network (e.g. wired or wireless connections) using the Windows Management Instrumentation (WMI) API. Using the current user or alternate specified authentication credentials, WiFiDEnum extracts registry information on a remote host to identify the wireless drivers that are installed, and the associated version information for each driver.

With the driver version information, WiFiDEnum examines a local MS Access database file that identifies several vulnerable Windows drivers. Using this database information, WiFiDEnum assesses each driver to determine if it is vulnerable, and reports it appropriately.

Once the scan is finished, the user can generate a simple HTML report that identifies all the stations scanner, the wireless driver and version information for each workstation, and any vulnerabilities discovered, along with CVE and WVE links for more information about the vulnerability (wherever possible).

Releases

Release	Date
WiFiDEnum 1.2.0	2007-12-04

Documentation

Files

WiFiDEnum Quickstart

WiFiDEnum FAQ

WVE

Public, vendor-neutral wireless vulnerability and exploit taxonomy.

WVE is a free, vendor-neutral effort to build a taxonomy of exploits and vulnerabilities affecting wireless networks, including but not limited to WiFi (IEEE 802.11), Bluetooth (IEEE 802.15), WiMax (IEEE 802.16), ZigBee (IEEE 802.15.4), GSM, CDMA and RFID networks. WVE has several advantages for the community:

• Current information source; With news postings to keep viewers current with wireless attacks and exploits, WVE is a resource for staying current with attacks and security trends affecting wireless technology
• Wireless IDS correlation; Leveraging the WVE identifiers, vendors can provide a standard resource and identifier for observed attacks with wireless IDS (WIDS) systems. Using a standard nomenclature, consumers can correlate events across multiple vendors while accessing the most current descriptions and references for wireless attacks.

For more information visit the WVE site at www.wve.org.