Edith Cowan University
Computing, Health and Science
School of Computer and Information Science
The commonly known security weaknesses associated with the 802.11b wireless standard have introduced a variety of security measures to countermeasure attacks. Using a wireless honeypot, a fake wireless network may be configured through emulation of devices and the TCP/IP fingerprinting of OS network stacks. TCP/IP fingerprinting is one of the most popular methods employed to determine the type of OS running on a target and this information can then be used to determine the type of vulnerabilities to target on the host. Testing the effectiveness of this technique to ensure that a wireless honeypot using honeyd may deceive an attacker has been an ongoing study due to problems conducting TCP/IP fingerprinting in the wireless environment. Research conducted in a university laboratory showed that the results were ineffective and the time taken to conduct testing could be as long as 60 hours. The subsequent exploration of different testing methods and locations illuminated on an ideal research facility called a faraday cage. The design and construction of the faraday is discussed in this paper as an affordable solution for controlled and reliable testing of TCP/IP fingerprinting against the scanning tool Network Mapper (NMAP). The results are useful when looking to deploy a deceptive honeypot as a defence mechanism against wireless attackers.