Nzyme 1.2.0 released, a toolkit for tracking attacks on wireless networks

Nzyme 1.2.0 has been released. The toolkit is intended for monitoring wireless networks in order to detect malicious activity, the deployment of rogue access points, unauthorized connections and typical attacks. The project code is written in Java and distributed under the SSPL (Server Side Public License), which is based on AGPLv3 but is not open because of discriminatory requirements on the use of the product in cloud services.

Traffic is captured by switching the wireless adapter into monitor mode so that it receives network frames in transit. Intercepted frames can be forwarded to Graylog for long-term storage in case the data is needed to analyze incidents and malicious actions. For example, the program can detect the appearance of unauthorized access points, and when an attempt to compromise the wireless network is detected, it shows who was the target of the attack and which users were compromised.

The system can generate several types of alerts and supports several ways of detecting abnormal activity, including checking network components against fingerprint identifiers and setting traps. Alerts are generated when the network structure is violated (for example, a previously unknown BSSID appears), when the network's security parameters change (for example, the encryption mode changes), when devices typically used for attacks are detected (for example, WiFi Pineapple), when a trap is triggered, or when behavior changes anomalously (for example, individual frames appear with an atypically weak signal level, or frame-rate thresholds are exceeded).
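The baseline checks listed above (unknown BSSID, changed security parameters, atypically weak signal, exceeded frame-rate threshold), expressed as code. This is an added illustration, not Nzyme's own code; the `Frame` record, the `BASELINE` values and the rate threshold are constructed assumptions.

```python
from collections import Counter
from typing import NamedTuple

class Frame(NamedTuple):        # constructed model of one captured 802.11 frame
    ts: float                   # capture time in seconds
    ssid: str
    bssid: str
    security: str
    signal_dbm: int

# Assumed baseline for the monitored network (all values are constructed).
BASELINE = {"corp-wifi": {"bssids": {"00:11:22:33:44:55"},
                          "security": "WPA2-PSK-CCMP",
                          "min_signal_dbm": -70}}
MAX_FRAMES_PER_SECOND = 20      # assumed rate threshold per BSSID

def detect(frames):
    """Return a sorted list of (alert_type, bssid) for frames that break the baseline."""
    alerts, rate = set(), Counter()
    for f in frames:
        net = BASELINE.get(f.ssid)
        if net is None:
            continue                                  # SSID is not monitored
        if f.bssid not in net["bssids"]:
            alerts.add(("UNKNOWN_BSSID", f.bssid))    # network structure changed
            continue
        if f.security != net["security"]:
            alerts.add(("SECURITY_CHANGE", f.bssid))  # e.g. encryption mode changed
        if f.signal_dbm < net["min_signal_dbm"]:
            alerts.add(("WEAK_SIGNAL", f.bssid))      # known BSSID, atypical signal
        rate[(f.bssid, int(f.ts))] += 1               # frames per BSSID per second
    for (bssid, _second), count in rate.items():
        if count > MAX_FRAMES_PER_SECOND:
            alerts.add(("RATE_EXCEEDED", bssid))
    return sorted(alerts)

AP = "00:11:22:33:44:55"
SAMPLE = [  # constructed sample frames
    Frame(0.1, "corp-wifi", AP, "WPA2-PSK-CCMP", -48),                   # normal
    Frame(0.2, "corp-wifi", "de:ad:be:ef:00:01", "WPA2-PSK-CCMP", -40),  # unknown BSSID
    Frame(0.3, "corp-wifi", AP, "OPEN", -47),                            # security changed
    Frame(0.4, "corp-wifi", AP, "WPA2-PSK-CCMP", -88),                   # weak signal
    Frame(0.5, "guest", "aa:bb:cc:00:00:01", "OPEN", -60),               # unmonitored SSID
] + [Frame(5 + i / 100, "corp-wifi", AP, "WPA2-PSK-CCMP", -50) for i in range(30)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```
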

In addition to analyzing malicious activity, the system can be used for general monitoring of wireless networks, as well as for physically locating the source of detected anomalies by means of trackers that let you properly identify the malicious wireless device based on attributes specific to it and on changes in signal level. The system is controlled through a web interface.


In the new version:

  • Added support for generating and sending reports on identified anomalies, recorded networks and overall status.

  • Added support for alerts on detected attempts to block the operation of surveillance cameras by mass sending of deauthentication packets.
