"Janus Project" capable of scanning 300 networks simultaneously
The computer is the brain-child of Kyle Williams from the Janus Wireless Security Research Group in Portland, Oregon. We first spotted Williams sitting quietly and sipping Mountain Dew at the recently held Defcon security convention at the Riviera Casino in Las Vegas, Nevada. While it appeared as if Williams wasn't ver busy, the bright yellow Janus computer in front of him was scanning and capturing data from hundreds of wireless networks in range.
At first glance, the Janus computer looks like a laptop, but Williams said it is much more powerful than that. Inside the rugged yellow case sits a mini-computer motherboard powered by a 1.5 GHz VIA C7 processor and an Acer 17" LCD screen. Ubuntu 6.0 Linux runs the eight Atheros a/b/g Gold mini-PCI cards which continuously scan wireless networks. The mini-PCI cards are connected to two four-port PCI to mini-PCI converter boards. The wireless data is stored onto a 20 GB hard drive.
While the eight Wi-Fi cards are impressive, the Janus box also has two Teletronics 1 watt amplifiers along with external antenna ports in the back of the Pelican case. Williams made every port watertight by sealing them with epoxy and silicone. "When the lid is closed, it is essentially waterproof," said Williams.
So what does all of this wireless firepower provide? The Wi-Fi cards allow Williams to continuously scan and capture traffic from any wireless channel. Williams likes to continuously dump the raw network traffic to the hard drive, while running the Kismet scanner to get a "bird's eye" view of the area. From his Riviera hotel room and using a 1W amplified antenna, Williams said his Janus computer was able to capture data from 300 access points simultaneously. He said over 2000 access points were scanned and 3.5 GB of traffic was captured during the entire convention.
In addition to scanning for wireless traffic, Williams says the computer can break most WEP keys very quickly by focusing all eight wireless cards on the access point. Using a combination of common utilities like airreplay, airdump and aircrack, Willams said, "When I use all 8 radios to focus in on a single access point, [the WEP key] lasts less than five minutes." However, he added that some retail wireless access points will "just die" after being hit with so much traffic.
In addition to the capturing process, the hard drive and memory contents are continuously encrypted with AES 256-bit keys. There is also an "Instant Off" switch that, according to Williams, renders the captured data inaccessible to anyone but him.
