Slashdot Mirror


802.11b Honeypots Open for Business

11thangel writes "SecurityFocus is running a story about a wireless honeypot project, being run by the SAIC. The setup consists of 5 Cisco access points in the Washington D.C. area, with two extra antennas (high gain omnis) plugged in. The network itself has a bunch of comps with various vulnerabilities, similar to a traditional honeypot. At the present, the network doesn't have a net connection, but the administrator is considering hooking it through a web proxy that would add a consent-to-monitor banner, so he can watch who's doing what. Time to find a WiFi card that can MAC-hop."

8 of 103 comments

  1. Useful? by ipjohnson · · Score: 4, Insightful

    How useful can this be? It was just announced on slashdot .... hackers don't read slashdot?

  2. Re:Honeypots by motardo · · Score: 1, Insightful

    good one!

    obscure winnie the pooh reference, on SLASHDOT of all places :)

  3. Re:*sigh* by Anonymous Coward · · Score: 1, Insightful

    This isn't entrapment man. Entrapment is when they would say (and if they were a police agency) "come hack this system, it'll be fun." Then when you do, they prosecute you for it. This is just throwing some vulnerable systems onto the net and seeing what happens. Grandmas and PHBs do that every day. Get a clue. It's the furthest thing from entrapment out there.

  4. Re:*sigh* by ericman31 · · Score: 2, Insightful

    Of course if you connect to and access a network that displays banners saying it's a private network then you were breaking the law after being warned. That's not really entrapment as far as I understand it. For example, if an access banner says something like:

    WARNING: Use of the network is restricted to users authorized by XXXX only. User activity is monitored and recorded by system personnel. Anyone using the network expressly consents to such monitoring and recording. BE ADVISED: If possible criminal activity is detected, system records, along with certain personal information, may be provided to law enforcement officials.

    Nobody enticed you to do anything. In fact, they did just the opposite and told you not to do it, and you did it anyway.

    --
    In my universe I'm perfectly normal, it's not my fault you don't live in my universe.

  5. Re:*sigh* by numatrix · · Score: 2, Insightful

    Not at all true. Honeypots have gathered a number of very interesting exploits long before they become publicly accessible on common hacking webpages. Check out the honeynet project if you don't believe me. It stands to reason that a wireless honeynet would be just as useful for the same reasons, maybe even more since I would expect the odds of getting someone more sophisticated on a wireless intrusion are higher than random internet ip scans.

  6. Honey, I'm Home by Anonymous Coward · · Score: 1, Insightful

    Would someone please explain to me exactly what crime is committed if my wifi enabled pc alerts me to an open port. And I "walk in" to see if I'm welcome.
    And if the net is available and I surf what have I taken?
    Bandwidth?
    Well I receive 10s of millions of unwanted bytes daily of unrequested/unwelcome advertisements which are "taking" my bandwidth. What's the difference?
    And furthermore couldn't an open wifi port be called an "attractive nuisance" in legal parlance? Like a swimming pool without a fence.

    BTW I have an open to the net wifi port operating as I type. Am I a victim or a perpetrator?

  7. war-driving in D.C. by ZeroLogic7 · · Score: 3, Insightful

    Frankly, I can't imagine why SAIC would advertise the fact that they're setting up a WiFi honey pot. It's not net enabled, so for most war drivers, it probably won't be that interesting. Besides, if they were trying to incriminate, don't associate to any Cisco gear. Most companies who are savvy enough to buy the high end gear will most likely turn on WEP and VPN to a firewall anyway. (ah, the glory of cracking a key only to experience the agony of finding something ELSE in the way.) So if you find a Cisco AP that's not WEP enabled, it's a likely candidate.

    Maybe they're advertising because no one landed in their little pot so they're trying to stoke the flames a little. I found several hundred APs just driving a couple miles and back downtown. I would think it would be a little more interesting to situate your honey pot in a corporate area with low to medium RF traffic. Pinpointing a car in a relatively suburban area would be much easier than downtown. (and people wonder why I tinted my windows)

    If you want to attract a war driver, dump something interesting on the air. You'd be surprised how much internal crap dumps out onto wireless due to broadcast traffic. (oh, you say you're on a switch? hehe..)

    And how far can they track the "intruder?" I've been able to get line of sight at several miles to a few APs while driving downtown. (and as long as someone else is driving, once they get a fix on me, they won't have me at that point for very long.) (course, LOS at a couple miles would be hard to keep associating while driving.)

    As for the Mac-hopping comment... What good is that? Or are you talking about channel hopping? Get a real nic that monitors on all channels simultaneously. And war driving just isn't war driving unless you have external antennas for both your GPS and your WiFi cards. (In some cases, an amplifier can help...)

    --
    THIS SPACE FOR RENT

  8. Re:High-Gain Omnidirectional Antenna by funky+womble · · Score: 2, Insightful

    Omnidirectional usually refers to 360 degrees around the antenna (H-plane). The higher the gain, the narrower the vertical beamwidth (E-plane).

    So in order to cover more people it probably would be better to use a couple of sector antennas with a down-tilt (as often seen on cellular base stations).

    An alternative would be an amplified lower gain omni (but in many situations that wouldn't work as well since it will pick up more noise).