Slashdot Mirror

← Back to Stories (view on slashdot.org)

802.11b Honeypots Open for Business

Posted by CmdrTaco on from the are-you-secure dept.

11thangel writes "SecurityFocus is running a story about a wireless honeypot project, being run by the SAIC. The setup consists of 5 Cisco access points in the Washington D.C. area, with two extra antennas (high gain omni's) plugged in. The network itself has a bunch of comps with various vulnerabilities, similar to a traditional honeypot. At the present, the network doesn't have a net connection, but the administrator is considering hooking it through a web proxy that would add a consent-to-monitor banner, so he can watch who's doing what. Time to find a WiFi card that can MAC-hop."

2 of 103 comments (clear)

  1. Useful? by ipjohnson · · Score: 4, Insightful

    How useful can this be? it was just announced on slashdot .... hackers don't read slashdot?

  2. war-driving in D.C. by ZeroLogic7 · · Score: 3, Insightful

    Frankly, I can't imagine why SAIC would advertise the fact that they're setting up a WiFi honey pot. It's not net enabled, so for most war drivers, it probably won't be that interesting. Besides, if they were trying to incriminate, don't associate to any cisco gear. Most companies who are savy enough to buy the high end gear will most likely turn on WEP and VPN to a firewall anyway. (ah, the glory of cracking a key only to experience the agony of finding something ELSE in the way.) So if you find a cisco AP that's not WEP enabled, it's a likely candidate.

    Maybe they're advertising because no one landed in their little pot so they're trying stoke the flames a little. I found several hundred AP's just driving a couple miles and back downtown. I would think it would be a little more interesting to situate your honey pot in a corporate area with low to medium RF traffic. Pinpointing a car in a relatively suburban area would be much easier than downtown. (and people wonder why I tinted my windows)

    If you want to attract a war driver, dump something interesting on the air. You'd be surprised how much internal crap dumps out onto wireless due to broadcast traffic. (oh, you say you're on a switch? hehe..)

    And how far can they track the "intruder?" I've been able to get line of sight at several miles to a few AP's while driving downtown. (and as long as someone else is driving, once they get a fix on me, they won't have me at that point for very long.) (course, LOS at a couple miles would be hard to keep associating while driving.)

    As for the Mac-hopping comment... What good is that? Or are you talking about channel hopping? Get a real nic that monitors on all channels simultaneously. And war driving just isn't war driving unless you have a external antennas for both your GPS and your WiFi cards. (In some cases, an amplifier can help...)

    --
    THIS SPACE FOR RENT