Slashdot Mirror


802.11b Honeypots Open for Business

11thangel writes "SecurityFocus is running a story about a wireless honeypot project, being run by the SAIC. The setup consists of 5 Cisco access points in the Washington D.C. area, with two extra antennas (high-gain omnis) plugged in. The network itself has a bunch of comps with various vulnerabilities, similar to a traditional honeypot. At present, the network doesn't have a net connection, but the administrator is considering hooking it through a web proxy that would add a consent-to-monitor banner, so he can watch who's doing what. Time to find a WiFi card that can MAC-hop."

6 of 103 comments

  1. Warchalk by Malc · Score: 4, Informative

    I guess the warchalkers should add another symbol to their icons to warn people about honeypots. Although I suppose this could be abused by the owners of the access points trying to dissuade people from hooking up.

  2. Changing the MAC by stere0 · Score: 5, Informative

    # ifconfig eth1 hw ether [mac]
    where eth1 is your interface and [mac] your MAC, should work

    --
    Trollem mirabilem hanc subnotationis exigiutas non caperet
    1. Re:Changing the MAC by Pow · Score: 2, Informative

      It works on my orinoco but needs a bit of kernel/orinoco driver tweaking. By default this _does not_ work on orinoco cards, i.e. the MAC is not changed. Yes, I verified that.
      Basically

      hermes_write_ltv(hw,
                       USER_BAP,
                       HERMES_RID_CNFOWNMACADDR,
                       HERMES_BYTES_TO_RECLEN(ETH_ALEN),
                       dev->dev_addr);

      when resetting the card does the trick. (I'm using orinoco_cs drivers.)
      If you are too lazy to add this code where appropriate, use these patches. They support MAC changing plus monitoring mode for orinoco/wavelan cards.

  3. Re:*sigh* by Delta-9 · Score: 4, Informative

    I agree. I don't buy the statement that they are using it to figure out the "tricks of the trade." Anyone can figure out the tricks of the trade by browsing a couple websites. I found netstumbler after doing very little research into this matter.

    They are laying the groundwork for controlling and making precedent for what is "unauthorized access." Don't be surprised when someone is arrested for browsing /. from a public transportation bench in the near future. It's a shame that so many sysadmins can't do their job that people like this have to do it for them.

  4. Help for Orinoco owners by Anonymous Coward · Score: 2, Informative

    The new airsnort page has links to nifty stuff like a patch for "monitor mode" - now all those Prism2 owners will have nothing to hold over you.

    The newer versions of this patch also let you change the MAC address with ifconfig as seen in another post on this story. Stock versions of the driver (as found in the pcmcia-cs distribution) don't.

    Driving around with one of these things and a standard Lucent range extender popsicle antenna is almost boring now. LOTS of ISPs are getting into the business, and you get hits just about anywhere you go. You can even pick up a good signal while being chased by alligators at Brazos Bend state park outside Houston. It's everywhere.

  5. Re:Changing the MAC -- Prism2 / WLAN by Uzmo · Score: 2, Informative

    If you have a prism2 chipset and are using the wlan-ng drivers on linux, then you can change the MAC on your wireless card. Change the MAC on the wireless card using the wlanctl-ng command similar to this:

    /sbin/wlanctl-ng wlan0 dot11req_mibset mibattribute=dot11StationID=[mac]

    Then change to the same MAC using the ifconfig command as mentioned by stere0. Cheers!