Attack Of The Dreamcasts

kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."

how is this any different

[Dopefish_1]

from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

Re:how is this any different

[MADCOWbeserk]

How is this different?
Because it is completely automated and it is small and easy to hide.

IHMO.. Very very cool, nice job guys

Re:how is this any different

wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

Not if the company develops games for the Dreamcast.

Re:how is this any different

[bowronch]

From the article:

They chose the Dreamcast for its small size, availability of an Ethernet adapter, and affordability -- the console was discontinued last year, and now sells used for under $100 on eBay. Loaded with custom Linux-based software and covertly plugged into a spare network port under a desk or above a ceiling, the harmless-looking toy becomes the enemy within, probing the company firewall for a way out to Internet.

Re:how is this any different

Look around any office(s) and the office building itself and ask yourself how many places could a small computer be put that no one would notice for quite a while.

Any raised floor computer room under the floor tiles, it could be put in most drop down ceilings, there are just a huge number of places you could
place a box to do the job that would not very likely to be noticed for several months or years. Almost all of the places in question would have fairly simple access to network and power.

Re:how is this any different

Oh yeah, there are so many companies that do that now days.

Re:how is this any different

You forgot the under God part. Communist.

Re:how is this any different

[greg_barton]

Heck, just use an EPIA based system. Cheaper than a Dreamcast. Boot from a CF card. Fanless. Silent.

Re:how is this any different

[moonboy]

How about (at least) $1000 difference?

Re:how is this any different

[timeOday]

Check out the 5th word in the article: "cheap" and later in that first sentance: "disposable".

Re:how is this any different

[aardwulf]

Obviously...it hides easily, is bare bones, is cheap, is fairly quick (faster than cheap PDAs)...the point isn't to leave it sitting out where someone would see it. Point is to shove it behind someone's desk, bookcase, etc. The thing is only 3" thick, not like a whole lot of space is needed. And if it were placed behind a desk, the jumble of wires and office noise would more than mask its power, ethernet, and fan noise...

Re:how is this any different

[homer_ca]

Any networkable device that's easily programmed could do the same thing. They say the Dreamcast is cheap enough to be disposable since you wouldn't be going back to retrieve the probe. Only problem with this plan is that while Dreamcasts are plentiful and cheap, the ethernet adapter is rare and expensive (over $100 on Ebay). Might as well go dumpster diving to find some 486 laptops.

Re:how is this any different

[donutello]

I've seen a number of replies talking about how a dreamcast is cheaper, has a lower footprint, etc.

$1000 is really not that much money for someone seeking to gain from cracking into a companys network. You've gotto believe that the data they're trying to steal from you is worth more than the cost of a measly laptop.

What it does do, however, is lower the barrier of entry, if you may, to potential attackers. It might also make sense if you're using a "carpet-bombing" technique where you put several of these on the network hoping that one or two of them may go undetected - although I assume after the first one is detected and security knows what to look for the others won't be so hard to find and in fact having multiple ones of these around might actually increase the chances of someone getting supicious.

Re:how is this any different

[Bastard+Operator+Fro]

How is that cheaper than a $60 dollar Dreamcast?
http://www.ebgames.com/ebx/ads/promos/create-a-b un dle/dc/default.asp

Re:how is this any different

[Anonvmous+Coward]

" I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?"

At a game company?

Actually though, at my company (not a game company) I could probably bring a Dreamcast in and get it on the network without anybody really noticing. If I disable the LED on it, I'm pretty sure most of the people here (even those that have a Dreamcast and play it) wouldn't consider looking to see if it was network connected or not.

There are advantages to keeping your desk cluttered like I do. ;)

Re:how is this any different

[greg_barton]

Egads! I stand corrected. :)

Re:how is this any different

wouldn't it be ironic if you got the 486 laptop while dumpster diving at the building you were attacking?!?!?!

Re:how is this any different

[pauly_thumbs]

how is this different from throwing a boot floppy into an unattended machine that loads an OS and scripst to do whatever it is said intruder wants to do?

Security is only as good as your vigilance and your Doorman!

Do you _Know_ everyone in your office?

This is where your social skills or lack there of can be either an asset or a detriment.

Introduce yourself around Sysadmins... find out who those mysterious personell are... Heck you might just make some friends!

Re:how is this any different

Look up the definition of 'ironic' some time.

Re:how is this any different

[eyeball]

Also because it is cheap and not as useful as a laptop. I have 3 Dreamcasts that friends gave me without even asking that I wouldn't mind loosing. Laptops are a little harder to part with.

Re:how is this any different

[Suppafly]

cheap, except the broadband adapters still get something like $150 off ebay..

Re:how is this any different

[Mupp252]

Yea, you find an auction on ebay that is selling the ethernet upgrade for $100 or less and get back to me.

Re:how is this any different

[Jeremiah+Cornelius]

Interesting!
Using a defunct laptop, this is exactly the attack I outlined to our no. 1 financial client as the hole in their proposals for an Internet stack security architecture.
They have crypto on EVERYTHING on disk - web files to DB. But traffic travels in the plain between hosts.

Re:how is this any different

[PD]

If you're looking for One nation under God, I suggest that you move to Iran.

Re:how is this any different

[psypete]

dreamcasts are commonly $50 in retail stores. the broadband adapters, though, go for over $100, and i got mine off of lik-sang.com for about $120. and the dreamcast doesn't have fans; it's water cooled, actually. that horrid whirr from the dreamcast is actually the shitty GD-ROM trying to access the cd. it's supposed to be something like 12x or 24x, but due to the fact that it has to work harder to read the proprietary GD-ROM format (more data in same space) plus it's just a crap cdrom drive hacked to read/write/whatever at half the rotation speed, it just gets loud as fuck. but as long as you arent accessing the cd it's pretty damn quiet.

Re:how is this any different

[digitalsushi]

no, no. you dont wanna just sneak a laptop into a network... sneak it into another computer! If i wanted to mess another netadmin up... i could hide a smaller, fanless computer inside a larger computer. Then I'd figure some clever way to conceal the ethernet cable i just tapped. :) Come on, it would take half of you at least an hour to figure that one out.

Re:how is this any different

[ShawnDoc]

It seems like a lot of work to smuggle a Dreamcast into a building, try to find a unused port and power outlet in a place that it would not draw attention, and hook it all up.

Wouldn't it be easier to just make the same software run in the background under WindowsXX? Then all you would have to do is spend 30 seconds at someone's computer who has gotten up to get some coffee or is out at lunch, to slip the disk in and install and run the software.

I don't know, it seems a lot easier to me.

Re:how is this any different

[Melantha_Bacchae]

PD writes:

> If you're looking for One nation under God, I
> suggest that you move to Iran.

Besides, the US is one nation under Godzilla. Or it will be, once the Dreaded God gets done filming "Godzilla X Mechagodzilla" (http://www.godzilla.co.jp/) and notices we are going through with the Yucca Mountain stupidity after he put his foot down on the matter June 14th.

What happened June 14th you ask? Twin earthquakes, one near Yucca Mountain, one in Ibaraki (the region of Japan that Tokai is in). The message is clear: Repeat the stupidity that caused Japan's worst nuclear accident at Tokai, and suffer the same fate.

And to get back on subject, you wouldn't want to put this on a network with Macs once Jaguar gets out. The next time a user goes to print, up comes the list (courtesy of Rendevous):

MIS printer 1
MIS printer 2
Dreamcast Auto-Cracker
Accounting printer 1 ...

Kinda hard to hide, even if it is little and cheap. ;)

Sonora:"New Godzilla reading. He's moving inward toward Tokai."
Shinoda: "The nuclear plants, I knew it.
Sonora: "Afraid so."
Yuki: "Well, that's just lovely. Another Chernobyl."
"Godzilla 2000" (US version dialog)

Re:how is this any different

That's fucking briliant, man!

Re:how is this any different

It breaks spec like a bitch, but I've done this, and it works. You crimp one plug on each end with just the orange and green pairs, and use the bleu and brown pairs for a second set of plugs. Yes, this breaks specs, but it will work for 100Mb/s networks for at least a few dozen feet.

Re:how is this any different

[limekiller4]

DreamCast: $10 - $30
Laptop: $500 - $1,400

Re:how is this any different

[balloonhead]

Read the article. It is cheap as hell now that it has been discontinued. Would you want to stick in your new shiny laptop knowing you might never see it again?

Re:how is this any different

Well, it is ironic.

According to the definition of irony, it is dramatic irony... ...only when one is assuming that the company is disposing of its 486 in the dumpster instead of selling/donating them, purely for security reasons.

And I'll have to quote irony on e2 for that.
"In one point I must emphatically disagree with Draeis. You do not need markers of irony. It can even spoil the effect if you mark it out as irony,
like explaining the punch line for those who didn't get it. The best irony is unmarked. And as such, it is often misunderstood. If you're a good
ironist you just have to get used to this. Alas."

Re:how is this any different

[plover]

It can still get caught the same way. Our network monitors are watching for port scanners on the inside as well as the outside, and it wouldn't take them long to notice it.

Of course, physically FINDING it once they've learned of its existence might be a bit trickier. But I assume the second step they'd take would be to shut down the port on the nearest switch. (The first step, of course, would be the location of a suitable scapegoat. Nobody does anything around here without some kind of CYA plan.)

Re:how is this any different

[krogoth]

You can completely automate a laptop and hide it in any small space as long as it's on (it even has battery power, unlike a Dreamcast).

Re:how is this any different

[rakslice]

>Because it is completely automated and it is small and easy to hide.

If there's completely automated software for DC, you can bet that there's such software for PC too. And, if you choose the right laptop, it would be even smaller than a DC. There are plenty of obsolete subnotebooks that would fit the bill.

Re:how is this any different

[MADCOWbeserk]

Our network monitors are watching for port scanners on the inside as well as the outside, and it wouldn't take them long to notice itLooks like your company is more diligent than most. Most companies I have dealt with couldn't find thier own asses with a map, especially when it comes to security.

Re:how is this any different

[RoofPig]

Well if something goes wrong and someone takes it, you're out less than a hundred bucks, oh, plus the cost of the Dreamcast broadband adapter. Laptops cost a little more.

Re:how is this any different

[Adversive]

Not necessarily.

The expensive part of this is the Dreamcast Broadband Adapter. While a complete Dreamcast system costs under $40 on ebay, the broadband adapter sells for up to $200.

This also requires modifying the Dreamcast to accept an IDE hard drive, which likely brings the total cost to over $200. There are many Pentium-class laptops on ebay for less than that.

Re:how is this any different

[(H)elix1]

The real trick is to get them to run from batteries -- like a 12V car, or a stack of D cells. I'm spending some quality time with the ATX spec these days.... the wife looked at me and said to just buy a DC->DC ATX ps, but it has been a REALLY long time since I had to pull out the tools for anything but water cooling kits. That, and paying 2-3x more for the PS than the cpu/mainboard hurts.... not that time is money. (grin)

Re:how is this any different

[thinkpenguin]

im sorry, but the hard drive adapter is not needed. i have a dreamcast, and it boots linux standalone off of cd. the raw filesystem can be mounted and modified before making the iso, so the user can have whatever software necessary to run loaded at boot by default.

Re:how is this any different

[Misanthropic+Lycanth]

That's assuming you want to retrieve your attack tool after you've left it their. Like they said in the article, it's easy to get into a company for 1 or 2 minutes. It's probably harder to go back in and get what you've left.

Re:how is this any different

No, you weren't corrected because the person replying to you was not correct. You may be able to get a DC for $60 USD from EB, but it does not come with a broad band adapter -- it comes with a 56k controllerless modem. Linux for the DC cannot yet talk to that modem. The DC Broadband adapter (10/100 base-t) was made in a limited run, and will cost upwards of $150 USD. There is also a Japanese only LAN adapter (10 base-t) which was again only produced in a limited run but expect to pay $50 to $100 USD, not including shipping from Japan. I can get both a used 486 laptop and a used 10/100 base-t PCMCIA card for that price.

Re:how is this any different

[hesiod]

> I have 3 Dreamcasts that friends gave me without even asking that I wouldn't mind loosing.

Well, if you're not too worried about losing them, I'd take one off your hands for ten bucks... plus shipping of course... Hrm, Slash-bay.... or is it E-Dot? Bay-Dot?

Re:how is this any different

[greg_barton]

A mini-itx case with DC input

Re:how is this any different

[Isthistakenyet?]

The place I used to work at had huge server systems. Most of them had trivial physical security (cases weren't locked, no alarms), and they had a lot of empty space for expansion units or due to poor design, so putting another system inside one would be trivial. Also most of them had multiple network connections so another network cable wouldn't be suspicious.

Re:how is this any different

[elixx]

while ironic does describe it, I think "the shit" would be a bit more accurate ;D

Re:how is this any different

[elixx]

Actually, in this time of solid-state storage and single-board/matchbox/thumbtack/whatever-sized web servers and the like, i'm suprised that no one has yet (publically) made a small box with a single ethernet interface and a battery (solar-panel?) for the sole purpose of data collection and the like.

Re:how is this any different

[mr_z_beeblebrox]

Come on, it would take half of you at least an hour to figure that one out.

But it would only take all of us 3.2 seconds to administer the Dreaded /. DOS attack once your connection was found.

Why is this specifically a problem for dreamcasts?

[fo0bar]

They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)

With so many hacks/mods...

[L-Wave]

Its surprising that the dreamcast got discontinued so fast...=/

Re:With so many hacks/mods...

Yes.. It is a shame there aren't any new games coming out for it. A great system.. I hope mine never breaks, or I'll be having some trouble.

just goes to show...

[i.r.id10t]

... that inside physical security is just as important as network/software level security - if not more so.

Even scarier

[crumbz]

Is when someone hacks an iPod to do this. You could hide it in a wall and have an IEEE-1394 to 10base-T adapter with a cat-5 cable right into a patch panel in the wiring closet labeled D-103...

Re:Even scarier

Until the battery dies.

Dude. You're inside the wall already. Ya know, where the POWER is?!!

Re:Even scarier

[b1t+r0t]

Until its hard drive is full with Office.X.

Re:Even scarier

the ipod draws power from a firewire port that it also uses to interface with, unsually at the same time. unles theres a cat5 with power this wont work, or would invlove splicing in a power line.

Re:Even scarier

[foobar104]

You could hide it in a wall and have an IEEE-1394 to 10base-T adapter...

Is there such an animal, or are you just making that up?

Re:Even scarier

[Gudlyf]

How about modding a network switch? I can just imagine someone working the insides to allow for a Linux capable device, wire it to one of the ports and it would be virtually undetectable -- even the switch ports would work.

Re:Even scarier

[DaytonCIM]

I'm really not looking forward to implementing new inter-office security measures. But, it seems that the inside covert attack if equal to the outside hacker/cracker attack.

Simply, limiting access to your server room is no longer enough. Now you have to monitor anyone who may access the plenum or just about any area of your office.

Educated, maliciously minded employees, who may have a "bone to pick" with management, may even implement their own "Dreamcast" or "IPOD" attack from their desk.

Uhg... too much to think about.

Re:Even scarier

[kwishot]

This task would be pretty herculean =P It's not just a matter of modifying software (like the DC hack) but actually modifying the hardware. Most good switches have layer3 capability already, for configuration and such, but you'd need to insert some sort of module with the stuff you need.
Also, since switches segment networks, you'd need to hook the device to *every* port of the switch. You'd also be in the realm of simulating MAC addresses and all of that stuff. Switches are layer2 devices, all of this other networking stuff is layer3 and up. Basically, hooking up a dreamcast would be much easier.

Re:Even scarier

Is this a joke? Insiders have always been the biggest security threat to businesses.

Re:Even scarier

[Stonent1]

You can boot NetBSD on old Cisco routers :) That would certainly be an option.

typo

[dotgod]

This seems to have slipped past the editors. Just a reminder that are networks need to be as secure on the inside as they should be on the outside.

Re:typo

[hendridm]

> Just a reminder that are networks need to be as secure on the inside as they should be on the outside.

Your so write, dude. So is he asking a question or making a statement?

Re:typo

[Steve+Franklin]

And here I thought ARE (Advanced Relay Entry? Automated Read-only Extensive?) networks were some arcane kind of network that only the most advanced geeks would know about, and just kept on reading....

Re:typo

[BitHive]

Hey, I love nitpicking too! While we're at it, here's one-- "sneek" should be spelled "sneak". I do so love slashdot, its a haven for obsessive-compulsive nitpicker's like myself. Wait, that should be it's. And nitpickers. Oh shit, I started a sentence with "and".

CONNECTION LOST

Re:typo

You may not know this but they don't edit the content of the original submission. If you don't like the lack of grammar complain to kevin_conaway not the slashdot editors.

Re:typo

No. A typo is a mechanical failure. This error is just plain ignorance.

Re:typo

LOL thanks for the morning bit of humor :)

Re:typo

Also, "nitpicker's" should be "nitpickers" since you want the plural and not the posessive. You are also using the convention of substituting two hyphens for an em dash--which is fine. However, there shouldn't be a space following the second hyphen.

Keeping Slashdot Sanity-Free Since Ninety-Three.

Re:typo

[quinto2000]

At least you have the use-mention distinction down pat. This sentence no verb.

Re:typo

Butt are networks due knead two bee moor secure awn thee inside!

Re:typo

kevin_conaway is a fucking uneducated moron.

Re:typo

[SCHecklerX]

That is obviously *not* simply a typo. It's a demonstration of stupidity.

Linux on Dreamcast

Here is the place to get Linux for your Dreamcast.

Re:Linux on Dreamcast

[00_NOP]

And don't forget the irc channel #linuxdc @ irc.openprojects.net.

Forget all the blackhat nonsense - we need hardware hackers now.

i would like to ..

[minus_273]

see some one "sneek" into my office building.. or did you mean "sneAk"?

Re:i would like to ..

sorry, typo, we meant "5n33k". W3 4r3 50rry ph0r 4ny c0nphusi0n w3 m4y h4v3 c4u5ed.

Re:i would like to ..

[jmcwork]

I bet Angelina Jolie could sneek, sneak,sneAk, or sn33k into your office.

Re:i would like to ..

I wouldnt mind it if she sneaked into my pants.

Re:i would like to ..

I wouldnt mind it if she sneaked into my pants.

I wouldn't mind if a rabid, starving weasel with a penchant for sausages and prunes sneaked into your pants.

How is that going to work?

[Kith_Me]

Someone strolls into the office, notices a dreambox in the corner... and they say "Hmmm, that is normal, I'll just ignore that"... hehe

More likely that they would say "Cool, lets see what game is in it!"

Re:How is that going to work?

[boomer_rehfield]

The Dreamcast isn't the quietest thing around either...

Re:How is that going to work?

[yeoua]

Um, what exactly is a dreambox? Is that the Sega MS console hybrid? Hmm... maybe not only does it have dozens of software upgrades from MS, it'll have dozens have hardware upgrades from Sega. It'll also be out months before Nintendo and Sony variants, yet be completely bug ridden, and won't be stable till after Nintendo and Sony release.

At least it will have great games, from bought out companies.

Re:How is that going to work?

[joshsisk]

It's loud only when the disc is spinning. If you aren't loading game files, why would the disc spin?

Re:How is that going to work?

[jayhawk88]

"Hey Bob?"
"Yeah Mike?"
"There's something wrong with your Dreamcast, I can't get it to boot up Soul Calibur."
"My Dreamcast? What Dreamcast?"
"Your Dreamcast...you know, the one you had plugged into the 2nd floor comms closet?"
"That's not my Dreamcast. Did you ask Dave?"
"Yeah, both he and Shirley say they've never seen it before."
"And you say it won't play Soul Calibur? Did you try booting it with no disc?"
"Yeah, it comes up with some weird black screen and says it's beginning port scan, or some such nonsense like that."
"Huh, I wonder what made it do that?"
"Who knows. Oh well, guess I'll go plug it back into the router that it was plugged into."

Re:How is that going to work?

A dreambox is a miraculous device that stops juvenile smartass wankers like you stop speaking like some pre-pubescent britney-loving teen. First and most importantly it corrects the belief that "Um" means "I'd like to point out an inconsistency in what you said."

Re:How is that going to work?

[peterpi]

Don't know about a Dreamcast, but we certainly wouldn't notice a couple of extra PS2's, GameCubes or XBoxen lying around (I work in a games studio). A bootable CD for the PC is quite worrying too.

Re:How is that going to work?

[arbitrary+nickname]

PS2s, Gamecubes, GBA's... no-one will notice them... but surely someone will notice the gravitational distortions produced by the excessive mass of an XBox.... more than a couple in a confined space and there'll be a black hole to worry about....

Re:How is that going to work?

[peterpi]

You've not seen a GameCube development kit; they're bloody enormous! They're about the same size as two XBoxes stacked on top of each other.

Re:How is that going to work?

[elixx]

I dunno, that sounds awfully different from the box of my dreams...

Any computer

[SpelledBackwards]

But couldn't any computer capable of running Linux and sending/receiving network traffic be able to do this as well? I'd be suspicious of a Dreamcast box sitting in a cube connected to the network. I'm guessing that the only real reason they're focusing on Dreamcasts and not normal PC's are that they're very cheap to obtain and reconfigure.

Re:Any computer

[eikonoklastes]

Yes, it could. The nice thing about the dreamcast is that it is small and cheap. Less than $100 gets you a decent processor and a built in Ethernet adapter. If you're going to risk losing your box when it's discovered, I'd rather it was just a cheap dreamcast than a pricey laptop.

Re:Any computer

[pr0nbot]

Once you factor in the cost of the scarce DC ethernet adaptor it's not so cheap.

Re:Any computer

[Skyshadow]

Yeah, but the dreamcasts are pretty noisy. The 386 I used for this in high school only had one fan (power supply) and was built from parts that were obsolete in '95.

Why use a laptop? You can run a convincing Linux implementation using much cheaper hardware.

Re:Any computer

[great+throwdini]

Less than $100 gets you a decent processor and a built in Ethernet adapter.

Last time I checked, ethernet support on a Dreamcast required a BBA (BroadBand Adapter) which can be hacked together if not bought ... although, I assume you know that, as the $100 seems a bit high for a stock Dreamcast (unlessin' th' price done gone up in afterm'rkit sales).

Re:Any computer

[Jucius+Maximus]

"I'd be suspicious of a Dreamcast box sitting in a cube connected to the network. I'm guessing that the only real reason they're focusing on Dreamcasts and not normal PC's are that they're very cheap to obtain and reconfigure."

Of course you would. The trick is to install it at a jack/hub where you'd find PHBs and not tech people.

Re:Any computer

[batkiwi]

Not completely true.

The dreamcast comes with a MODEM. The broadband adapter was sold in VERY small quantities, and goes for 100-200$ BY ITSELF on ebay, so bump up that "cheap" price accordingly.

Re:Any computer

[NukeIear]

Actually, just the broadband adaptor alone will run you over $100. Add that to $50 for a dreamcast and a cheapo 486 laptop with cheapo nic will be the better bet. The laptop also gives you a nice amount of storage space to keep sniffed packets.

Re:Any computer

[EvilBudMan]

This makes me wonder what you could with an XboX in a couple of years when it costs $50?

--This message was generated by a group of psycho taco eaters.--

Re:Any computer

[Lumpy]

are you nuts?

the ethernet adapter is quite expensive and rare to find. anyone stupid enough to risk their rare and highly sought after Dreamcast ethernet adapter instead of a free 386 or 486 laptop or desktop (at the desktop level you can get P166 for free most anywhere)..

This is about as innovative as using a toaster to toast pop-tarts!

if it runs linux you can do most anything with it..

Re:Any computer

[topham]

Thats why I'm laughing at this whole thread.

I have a TINI (from Dallas Semiconductor) sitting behind me. I has an ethernet port, and serial port. Runs on 8 volts and is small enough you could put it anywhere. It was about $100.

On the other hand, a Dreamcast is about $50 (give or take) + 1 rare broadband adapter. Which boosts the price to $150-$250 for the device.

For $299 CANADIAN ($200 US?) I bought an XBox the other day. Gee, it has built in Ethernet, and, at the point when somebody fully cracks the bootflash could theoretically run Linux and do the same thing.

And have an 8gig drive to log data.

But I don't think that is a realistic use for an XBox either.

Re:Any computer

[Dimensio]

~$100 (actually a little less) will get you a Dreamcast and the BBA. It's just that the BBA isn't built-in.

Re:Any computer

Well first you'd have to find an empty loading dock capable of hiding it.

Re:Any computer

Can someone please show me where you can get an Ethernet card for the dreamcast for less than $100 ?

What kind of penetration are we talking here?

[erik1474]

Higbee and Davis perform penetration tests, and developed their game box cum attack tool
</quote>

Did I read that right?

Re:What kind of penetration are we talking here?

[chef_raekwon]

i read that aswell....
hhmmmmmm,
a joke maybe??
hell, 'penetration tests'?

Re:What kind of penetration are we talking here?

[waferbuster]

To quote the UCMJ, "penetration, however slight, is sufficient to complete the offense."

ahem

[_anomaly_]

"our" not "are"

:-)

Umm....duh!!!!

[Gorm+the+DBA]

"but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. " But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". No? Really? Wow...noone's had that idea since...ummm...the invention of the house.

Re:Umm....duh!!!!

just out of curiousity, when do you think the house was invented?

Re:Umm....duh!!!!

Early 15th century.

Re:Umm....duh!!!!

[boomer_rehfield]

How long do you want to stay in the building? 2 minutes to drop it on a lan connection and hide it behind a filing cabinet? Or a while trying to hack some passwords and installing a backdoor? I think you might have missed the point...

Re:Umm....duh!!!!

[Angry+White+Guy]

It is easier to get caught in the office than plugging in at Kinkos or at an internet cafe. If I wanted to do some massive damage to a company, walking into a company and smashing the server with a sledge would do more damage than an rm -rf /.

However, having a spy on the inside that's going to provide me with network maps, passwords, and all kinds of sensitive information, maybe run a brute force cracker for me, then give me results, then hey, I can do anything I want! Forget damaging webpages, doing L33t haX0r shit, or e-mailing incriminating evidence to the local paper. I'm going after financial records, bank account numbers, and anything else that I can make a buck or two off of!

Even if they found out what was going on, they still have to find out where it's going on!

AWG

Re:Umm....duh!!!!

[Jucius+Maximus]

"But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". "

The thing is that you are probably not going to be a recognised employee in this place. You have to get out fast before someone sees you. The pre-programmed DC allows you to plug'n'run. If you wanted to use a logged in machine, you'd have to sit there for a while and someone would notice that there is a stranger at their friend's workstation.

Re:Umm....duh!!!!

[ELiTeUI]

The BEST person to contact to "plant" a device or two like this, is the contractor they use to physically run wires through the walls. he has access to the network closets, and could likely even leave a wire dangling in the ceiling for your laptop. then you just plug it in to the network switches (among the rats nest of the other 300 or so cables going into the same switches) and you turn it on. it will likely never be noticed unless it is being REALLY actively invasive on the network (hi bandwidth usage, or other things that bog down the network).

Of course if people would stick to Windows

this would not be a problem, but you won't get this bit of analysis from /., which is so biased towards Linux that it's not even funny. This is being characterized as a "cool hack" because it involves Linux. How much do you want to bet that if it involved putting Windows on a Dreamcast and sneaking it into corporate networks, the /. crew would be in full MS-Bashing Mode? "Gee, look at how dangerous Windows is!"

This is sick, but it's pretty much what I've come to expect. You reap what you sow.

Re:Of course if people would stick to Windows

This is a poor troll. Do better.

That wouldn't last one

[CrazyJim0]

If I walked into an office and I saw someone left their dreamcast there, YOINK! Free Video game system for me.

Keep it hidden!

[phraktyl]

I'm pretty sure that someone would notice a dreamcast system sitting on their server rack. However, if you hide it behind a wall, it could sit there for years!

Wyatt

Re:Keep it hidden!

Exactly. I've thought more than once about sticking a pc104-based system attached to a spare network connection under the liftable floor in the server room. Something the size of a paperback book, running off a 128MB compact flash card as the hard drive using the cf/ide adapter from tapr.org. It really would have gone unnoticed for years. Occasionally run ettercap with the banshee module activated, just to keep things interesting :)

What relevance does the Dreamcast have?

[ergo98]

What is the specific relevance of the "Dreamcast" application? I think we all get that consoles are "computers", and with an operating system like Linux there is little to differentiate them from a PC, so why would someone be more likely to drop a rather out-of-place looking dreamcast in a corporation for inside attacks? It just seems really silly to proclaim that there's some additional risk because "theoretically" a dreamcast can be used.

Having said that, many large corporations now enable/disable network drops in a very controlled fashion, and many do MAC filtering on each switch port, the former limits "free" ports sitting for the waiting, and latter ensures that if someone put a hub on one of the active ports that they couldn't communicate on it without a small amount of work (i.e. listening for MAC addresses and then dealing with the conflicts if it tried to duplicate the other devices MAC address). I'm sure there are a lot of companies still getting by with 10Mbps hubs, but I'd like to think that they're the exception rather than the rule now a days? Of course, many companies still have an absurd notion that security is had by simply putting up a firewall, and then all is great, ignoring the massive risk that comes from trojans that get inside the gates. I actually got in an argument with an associate in the business recently when I stipulated that their system needs to presume that there is no firewall, and the system is completely accessible to the outside world. His reply was "Well, we don't worry much about hackers anyways, because there's no way to stop the good ones so why bother?". I was flabbergasted.

Re:What relevance does the Dreamcast have?

[JUSTONEMORELATTE]

Why dreamcast? So they can get free press on /. of course.

Re:What relevance does the Dreamcast have?

[gaudior]

Your reasoning makes no sense, since the Dreamcast has been discontinued by Sega, and is an orphan platform.

The real significance is the almost universal glee to be had around here when someone manages to hack one kind of computing device into something which it was never originally designed for.

Re:What relevance does the Dreamcast have?

There are unpowered hubs for 10/100. Just plug it into a legit outlet, and plug in both what was there and the DC. Still have the MAC problem.

Cyberguys.com stock them for ~$30. Handy for an office that has just a single network connect, and the boss brings in his laptop.

Re:What relevance does the Dreamcast have?

[JUSTONEMORELATTE]

The "they" in question isn't Sony, it's the folks who are trying to claim some kind of cracker breakthrough by running sniffers on a dreamcast.
It's not news that an IP-capable machine with connectivity to a network can search for weakness in the network. These guys use a dreamcast so their non-news can get some attention.

Re:What relevance does the Dreamcast have?

Sega, not Sony... :)

Re:What relevance does the Dreamcast have?

[reddog1]

In the real world of business most companies are on 10/100 hubs and switches but NO they don't lock down the MAC addresses. That is a lot of work and the percieved risk is minimized when you are not in a company populated by assumed computer geeks.

Re:What relevance does the Dreamcast have?

[Hittite+Creosote]

Hmm, a discontinued games platform? I'd say the main point of using a Dreamcast was - it's cheap.

internal security

[dollargonzo]

what do they mean "security inside?" the whole point of a network / firewall setup is that people can't get to you from the outside INTO your inside.

a posting on my local lug group mailing list suggested that firewalls are bad because it relaxed internal network security. that is like saying that you should remove the side rails on the highway, because that way people will be more aware of the dangers.

security on internal machines is always going to be inferior to that of the company firewall. what you should do is try to prevent people from sneaking in in the first place.if they are already in, there really is no limit to what they can do, because they have essentially hacked the network. (albeit physically)

QED

Re:internal security

[boomer_rehfield]

So we should do away with all directory and machine rights because anyone that's on the lan has "essentially hacked the network??"

*blink*

Re:internal security

[John+Courtland]

Or if you have a small enough place (or are very diligent), your DHCP server will know the MAC addresses of all the machines that SHOULD be connected, and deny/log all others. Unless you have a machine that can change its MAC address AND you know the MAC address of a registered machine on the network, you're not getting in.

Re:internal security

[ckaminski]

Who says I need a valid IP address to even conduct this hack. Hell, just as an IP sniffer alone something like this could cause serious damage. And since it can listen to DHCP traffic, it will already know the gateway and address settings, and can readily impersonate any machine it wants...

Granted, it puts some limits on what it can do, but not all that much. You'd need some properly configured switches to minimize this sort of attack.

Re:internal security

[dollargonzo]

no, ofcourse we shouldn't. but to say that everyone inside the network should be as conscious as the sysadmin in charge of the firewall is absurd. and yes, you *have* essentially hacked the network. basic security practices should still be used, but attempting to follow every existing security patch and not allow connections on all but the most needed ports is not realistic

.

Re:internal security

[dpreviti]

I don't think he is saying that everyone inside the network should be as concerned about security as the admin. What he is saying is that to many companies rely on the firewall to protect them and give them the warm and fuzzys. Not doing anything else inside the parimeter which is assuming that anyone inside is ok. Which is a terribly bad thing because one most attacks take place by people inside the company and two if someone gets in and drops a box inside the firewall there isn't any process of monitoring whats going on and it could be setting up a hole or attacking information from the inside out.
DP.

Re:internal security

"security inside"? Intel lawsuit time!

cum attack?

[Salden]

Higbee and Davis perform penetration tests, and developed their game box cum attack tool after finding themselves more than once with physical access to a client's facilities They can't print that!

Re:cum attack?

wokka wokka! And let me just add the secretaries at work fight over my joystick cum attack tool.

Re:cum attack?

You're a dumb ass.

802.11 anyone?

[JUSTONEMORELATTE]

A recent story about 802.11 described the weakness as "Someone walks into your office with a laptop and asks for a network drop." The point of the anology was that the scenario is absurd, but leaving unsecured WAP access points is equally absurd.

Silly me, I hadn't realized the uber-absurd case -- someone walks into your office with a game console and asks for a network drop.

Enigmatically enough, I first read this tagline as "Attack of the Democrats"

Re:802.11 anyone?

That is because the Democratic party has declared war on traditional values and allied themelves with Old Scratch and the forces of socialism. It is only natural that your mind would have conjured "Democrats" from "Dreamcasts."

Re:802.11 anyone?

Enigmatically enough, I first read this tagline as "Attack of the Democrats"

Yeah, I did too. And my first thought was, "This is news?"

Re:802.11 anyone?

[Mikeytsi]

Hey, this adds a whole new dimension to the game. How about a DC hooked up to a wireless base station of some sort, hooked up somewhere NEAR a building? If it's not secured properly, all you'd need to do is sniff out the SSID, and you wouldn't even need physical access!

Wondering again

[Flaming+Foobar]

Almost all companies I have visited have had the opposite 'problem'. To get an Internet connection up n' running, you need to phone a sysadmin to patch the ethernet socket to the switch (most often, the spares aren't connected at all) and then give them a MAC address so the dhcp will give the box a legitimate IP address in the correct space. (Also, Dreamcast?? Suspicious, no?!)

- FF

Re:Wondering again

[Big+Diluth]

Interesting.

Assuming that the place is doing MAC filtering and/or using DHCP assigning legitimate IP addresses to known good MAC addresses, how would you get a MAC added to that system? (Other than just using a MAC already on the system and creating a duplicate MAC address on the network.)

RE: Wondering again

[redzebra]

Duplicating the MAC on the network would for sure
be causing troubles in the network and would give you just troubles and cause a witch-hunt for your box. The most stealhthy thing to do would be opening your interface in rawmode and do some sniff and packet spoofing.

It just depends on what you want to do with your box X. First you snif on the local lan for a machine A connecting to the outside world .

If you just want to get info to the outside you could spoof the packets srcip/mac as if they were comming from that machine A. Your machine B on the outside just takes these in and interpretes them without replying.

If you then want to control the box from outside hide your remote commands in packets which normaly would be discareded or considered harmless by machine A and send them to machine A. (icmp/udp or outdated tcp packets)Your box could sniff them on the way and interprete them like you intended.

Needless to say that machine B on the outside should not be your machine at home but rather
a rooted box which relays the packets for you :-)

-- red.

Sure no one will notice...

[Chagatai]

And then the network guys will start wondering why Ulala from Space Channel 5 has appeared dancing across the network.

a reason to use plan 9

[rpeppe]

where i work, we use plan 9 as a development environment - no NAT necessary. to get through to the outside world, you import the network interface from a gateway machine and use that. however, if an intruder wishes to do that, they must first break the strong authentication used by the import protocol...

so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.

Re:a reason to use plan 9

[Typingsux]

I wish I had mod points to take you down.
Plan 9 did nothing to help me

wireless

[akb]

A machine with wireless networking capabilities would be even more interesting, particularly for networks not attached to the 'net. 802.11 would probably not be best due to its limited range and higher security consciousness around it. Better would be say a pair of old ricochet modems that have range of up to a mile.

Re:Wireless

[gaudior]

Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.

Re:Wireless

[Matey-O]

Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.

Yeah, but if SSID broadcast is turned off, the suspect WiFi basestation would be kinda hard to detect.

Re:Wireless

[DrMaurer]

How regularly? The few admins I know are ran frazzled by lack of help dealing with normal, simple user complaints.

Of course, he'd notice a dreamcast sitting somewhere in the open, but under a desk, plugged into a network mini-hub? Hell, in the unlocked server closet, which also shares room with housekeeping stuff.

It's easy to say "any admin worth their salt" would do such-and-such, but sometimes that just isn't the case, not because they don't want to, but rather because they don't have the time.

When you get in at 6 in the morning and leave at 9 at night every night, are you really in the mood for staying an hour later and looking at the logs? Should he? Probably, but admins are human, and the man I'm thinking of isn't getting paid hourly.

Of course, he is my boss, and I just feel bad because I probably didn't work as hard as I should've. Maybe I should stop putting him down as a reference in my job search. Heh.

Re:Wireless

[karnal]

Actually, what we do is use software that gives us a virtual "map" of the network. Since it's split up in easy to digest chunks, we map out those parts and look for anything... well, odd.

First thing. If the device isn't configured to our exacting standards (read -- we need to buy better cable, so only 10full will run properly), then we'll see rxerrors and crc errors on that particular port on the switch.

Second thing. If the device has a mac address other than one of the standards in-house, we automatically check it out from afar to see what it really is. If we can't do a portmap etc on it, then we go tug cable.

Third thing. If anyone in the user community (including other areas of support) plug a hub or switch in, we'll see it on the device list (multiple macs under one port) and we go and ask that person what the need is, and assist in configuring if it's business justified (otherwise, they can have it back at the end of the day... just like elementary school!)

Seriously, if you're in big business, you've got to get the tools to assist you in making sure this doesn't happen.

And it will happen.

Isn't it standard practice...?

[Kraegar]

To only have connectivity on actively used network drops, and keep all switches in secure closets? To plug in an unknown machine in our office you would have to unplug a known one, and someone's gonna at least notice their computer stopped working. Wouldn't take long after that to discover the switch had taken place. That could easily be circumvented with a machine acting like a silent proxy, but still makes it a tad more difficult. Don't other companies practice similar procedures?

Re:Isn't it standard practice...?

[hendridm]

How about a cheap hub and an obviously active drop, provided you could still find a place to hide it. Who says it needs to be the only computer on the port?

Re:Isn't it standard practice...?

You would be amazed how many people have master keys for those closets. Janitors do, and there is very very little background checking at all done there. And for the most part most closets aren't secured that well.

And so long as the person doing the job brings a small switch or hub with them, no one is likely to notice their machine is not connected just the same way it was yesterday. So then it is just a matter of finding someplace to hide something close to the outlet, and it most offices there are a number of places even within a person's office that could go unnoticed for quite a while.

Re:Isn't it standard practice...?

[Skyshadow]

I've been at three pretty big companies now (two large and one huge), and all three were really sloppy as far as this went. When I built my new Linux box, I just brought it into work and ran a cat5 over to the empty next to me.

Of course, small companies aren't necessarily better. In any event, anyplace with DHCP is just begging for this sort of intrusion. It's a good reason to always assume that someone is listening.

Re:Isn't it standard practice...?

The real solution is to never trust the network: only authenticated clients can transmit beyond certain points (ip stack of another client, gateway routers). IPsec for all communication, any other traffic is closely monitored and triggers warnings (and never leaves the network segment).

Re:Isn't it standard practice...?

[_xeno_]

Where I work and where I go to college (two different places), the network is triggered based on MAC address. Only verified MAC addresses can access the gateway.

Where I work, the DHCP server will only give IPs out to systems that have valid MAC addresses - beyond that, I can't tell you anything. I believe you can't get the routers to route traffic with an invalid MAC address, but I'm not sure about that - haven't had the opertunity or the need to test it. (However, I have had my office machine be "forgotten" about, and it took them a full day to update the DHCP server to allow me back on the network.)

My school is a step more anal - MAC addresses are tied to specific ports - not just drops, individual ports in the dorm rooms. If an invalid MAC address is detected on a port, then the port is deactivated until NetOps is notified and it can take a while to have it reactivated. The ports are also theoretically designed to deactivate if the computer connected to them is operating in promiscous mode, but I'm unsure as to how this is accomplished.

While it is of course possible to - um, "spoof" - a MAC address, tieing the drops by MAC address makes it quite a lot harder for invalid systems to just be dropped onto the network. It means that a tunnel cannot just be established by plugging the box into the network - some actual work would be required. At work, all the drops are always active, and I'd bet you can set a static IP. But at my school, where the drops are tied to MAC address, you'd have to find a port where your box can exist without knocking the original computer offline - a considerably more difficult task than just plugging the box into the network.

Re:Isn't it standard practice...?

MAC address protection does not help against an attacker who can hide a computer near network runs. The additional system could just act as a transparent bridge which adds its own packets from time to time. It would sniff the network for the MAC address of its host and just use that.

Re:Isn't it standard practice...?

[jared9900]

I agree with you, but...
Where I work we're in the middle of a rather large re-org, so many people are being moved around the building right now. We aren't able to keep up with all the moves, and our network closet has become rather jumbled because of the need to connect knew users coming in faster than we can clean up the closet (I just started here, the thing hasn't been reorganized in nearly 2 years).
In response to one of the comments about keys, anyone that uses keys to access secure areas needs help, some other system like combination locks should be used. Also, no janitor should be given to secure areas. If companies are too dumb to use simple precautions to secure an area they almost deserve to be hit.

Re:Isn't it standard practice...?

[_xeno_]

I didn't say it would make it impossible - just harder. Yeah, you could sniff out the MAC address and act as a transparent proxy. But that involves a bit more coding than just knowing the standard C sockets library, since that's getting down into the network layer. (Transport layer? I can't remember the name - the Ethernet layer as opposed to the IP layer.)

Nothing is really impossible - the key is making it more difficult than worth it. Especially when it'd probably be far easier to just root one of the "authorized" machines, since my school is on the Internet with no firewall, and my work contains the brilliant engineers who leave their passwords on little sticky notes up on their monitors to ensure that other people who want to use their computer can. Really.

(Or add Guest to the Administrators group, or set the root password to "password" or "${COMPANY_NAME}", or...)

Re:Isn't it standard practice...?

[lucifuge31337]

Where I work and where I go to college
followed by....

haven't had the opertunity

Sorry. I don't believe that you are going to college if you can't spell opportunity.

Re:Isn't it standard practice...?

[turambar386]

Can you say "administrative nightmare"? Sure, I knew you could. Especially for companies with many branch offices where people come and go with laptops. 'What do you mean the CEO has to call Operations every time he wants to plug in his laptop??!'

Plus, the kinds of switches that are capable of disabling ports based on invalid MAC addresses and can detect promiscious mode are very very expensive.

Re:Isn't it standard practice...?

The problem is that often this wouldn't work because it is common practice to place MAC address restrictions per port. In other words, if you did that the switch would see the MAC addrtess of the new device and, if configured ocrectly, disable that switch port.

Re:Isn't it standard practice...?

They're not too bad anymore. The cheapest of Cisco's access layer switches can actually do it - Catalyst 19xx series.

I wouldn't complain...

[Derek]

...if someone came into my house and dropped off a dreamcast! :-)

-Derek

Re:I wouldn't complain...

[b1t+r0t]

I'd be happy enough it they just dropped off the broadband adapter.

Still A PS2?

[BMIComp]

Although the article doesn't mention this, I'm guessing that since they have a custom linux installation, that the modded dreamcast won't be able to run its normal dreamcast functions. What would make this seem even more inncuous would be to allow it play games too.

Re:Still A PS2?

The "custom Linux installation" is a CD, just like any other DC application. (OK, technically, official DC applications are on 1GB GDROMs, not CDs, but DCs produced prior to ~10/00 can read CD-Rs just fine.) There's no modification of the DC.

What the article _really_ fails to mention is that the ethernet adapter for the Dreamcast is both difficult to obtain (in the US) and another $150 on top of the cost of the console. For $200 one could get an old 486 laptop and have the added benefit of battery backup. One could also add a WiFi card and untraceably control the box without ever needing physical access again, something that can't be done with the DC.

DreamCast == Cheap

[code+addict]

Other people keep asking why a DreamCast, why not a laptop... I'm assuming they're using DreamCasts because they are cheap, and they don't mind throwing them away to accomplish their task.

Yes, but it doesn't mean what you think it does...

[Svartalf]

While it's a slang term for something sexual, it's also latin for "with". It's being misused in this context.

Ok. Reality check folks.

[carlcmc]

IF ... someone can get in undetected and hook up a dreamcast in a few minutes, your security has already been breached. If your company has something it doesn't want people to access without authorization on the computer, they should have at least the same security focus for the building.

With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and tshirt with no name tag, I'm never stopped. I think thats the way it is in many places.

Re:Ok. Reality check folks.

[beebware]

In my experience, it's the case of if you look out of place you obviously aren't meant to be there. The "secret" is to look like you "belong" where ever and know exactly where you are going - I've walked round my old company at 10pm at night (it's a 24/7 factory) in 'skivvies' and no one questioned me, I've wandered around hospitals, office suites etc etc - all without questions asked. Ok, I may have had no idea where I was going, but as long as you don't look like that you can usually get anyway without question.

Re:Ok. Reality check folks.

[mikeee]

And of course, your company does full background checks on it's janitors, yes?

'Um... Jose, is it? I'll give you $500 if you plug this in under a desk up there...'

Re:Ok. Reality check folks.

And why can't the janitor be called Walter? Damn racist!

Re:Ok. Reality check folks.

Why Jose? Because there are more Latinos named Jose than named Walter. Does it begin to make sense now?

Re:Ok. Reality check folks.

[mgblst]

So, where do you work again? I think the main point is that DC is cheap, and can be dressed up as anything, a new pot plant, a black box, who would think that something like that, if hidden well, was causing trouble. Certainly it wouldn'y be the first thing that they would look for, if a breach was detected (unless they are /. readers)

Re:Ok. Reality check folks.

[pyro_peter_911]

when was the last time you walked into your company in non-work clothes... and no one stopped and questioned you?

Tell me more of this strange concept "work clothes" that you speak of?

peter

Because of the footprint and cost...

[digitalamish]

Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts. You could scatter them around to a few drops as backup. In addition, the footprint of the box is small, and you don't need a standard PC case. Who wants to buy a BookPC or a Cappucino (sp) only to lose it.

Other way to look at this would be for a handy ligitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
--
"That's Homer Simpson sir. One of your drones from sector 7G"

Re:Because of the footprint and cost...

[topham]

4-5 dreamcasts, without broadband adapters. And, currently a broadband adapter is going for anywhere from $60-130US there are cheaper things I could aquire to do this...

Hell, I have such a device sitting behind me. Ethernet (10baseT) and small enough to hide almost anywhere. (About the size of a dimm.)

Re:Because of the footprint and cost...

[earlytime]

If we assume for a moment that if you can get into the faciity undetected and place a device on the network, that it's not game over already......

why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. or put the dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. waterproof wireless backdoor.

Re:Because of the footprint and cost...

[frohike]

...$300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts.

You see, that's the funniest and most ironic thing about this whole hack. If you equip a Dreamcast with a Broadband Adapter (which is what it sounds like they did) then you are still looking at about $200-$300 of cost for one box, assuming you can even obtain the DC and the BBA! They are both getting more rare, and BBAs regularly go for more than the DCs on places like eBay.

All in all, I'd say you'd be a lot better off buying a PC104 board and stashing it in an old PSX case or something, if you wanted the game console for innocuousness look.

Re:Because of the footprint and cost...

[dohcvtec]

I know of a place where they have scads of 486 laptops for $5-$10. You can't get a Dreamcast for that cheap, much less the Broadband Adapter (NIC). You can get a PCMCIA NIC to go with your 486 notebook for $10. Besides, either way you have to get the hardware in the door. Neither the DC or a laptop are small enough to conceal when you're walking through the front door, but wouldn't you think carrying a Dreamcast into a company would attract attention, if not suspicion? Laptops are everywhere, and nobody will bat an eyelash if you're carrying one.

Re:Because of the footprint and cost...

[phaktor]

Why would it look suspicious if you say put it in your briefcase or backpack. How many companies care what you bring in? they care more about what you take out.

Re:Because of the footprint and cost...

If you drop in a WAP, they can easily be found by all the RF they pump out. I mean, you might well notice if you didn't have a WAP & then you did...

On other networks, there's legitimate traffic to hide behind...

Re:Because of the footprint and cost...

[Stonent1]

I can pick up Sparcstation IPXs, IPCs, and Classics all for about 10-30$ on ebay . Just a little bigger than a dream cast and they look like the have a purpose. (Not to mention hard drives. Hell, just drop one right in the middle of the IT department. We've always got wierd shit on our desks doing God knows what.

Re:Because of the footprint and cost...

[hesiod]

> but wouldn't you think carrying a Dreamcast into a company would attract attention, if not suspicion?

It might attract a few glances (assuming you were carrying it openly, and not in a bag of some sort), but I doubt anyone would think you were going to attach a game console to their network for scanning purposes...

Re:Because of the footprint and cost...

[earlytime]

sure, they pump out alot of RF, but who's looking for it? do you know if & where there's a WAPs in your building? When's the last time anybody checked?

It's as easy to find as a rogue dreamcast sitting under somebody's desk, or in a comm closet.

That was from Pirate School!!!

[cnelzie]

Been to Pirate Training School?

Replacing 'our' with 'are' is a very common pirate thing to do. Of course, even that was slightly misspelled since 'arr' is the most correct usage, matey...

-.-

This reminds me of my university

[galaga79]

This reminds me of my university where people connect their laptops to the network when they aren't supposed to do so. It isn't to tricky either, you just need to find a desktop someone isn't using, find out it's IP, unplug it, set your machine to it's IP address and connect it up. Now I imagine this would present quite similiar security problems to a rogue Dreamcast or iPaq connected to the network.

Perhaps the only way to overcome this problems is give IP addresses to trusted MAC addresses only. In the context of a university this could mean the student could apply for an IP address, but could you trust the student? That's the real question

Re:This reminds me of my university

[minus_273]

that is what we do at our IT office here in my university, we allow cetain mac addresses only on certain ports

Re:This reminds me of my university

[glwtta]

but could you trust the student? That's the real question

um, in short: no.

Re:This reminds me of my university

[imta11]

Most schools require mac address registration lately. You can walk on to the Oberlin campus and just start typing away. Other schools are like that too. Just make sre you wear an abercrombiecostume so to not raise suspicion.

Re:This reminds me of my university

[Jucius+Maximus]

"Perhaps the only way to overcome this problems is give IP addresses to trusted MAC addresses only. In the context of a university this could mean the student could apply for an IP address, but could you trust the student? That's the real question"

Even if you don't trust the student, you'd have a name and student id number attached to the IP and MAC so it some port scanning or cracking is going on from that IP, you know who to prosecute.

Re:This reminds me of my university

[theRiallatar]

They're considering doing just such a thing at my University. The problem comes when you've got thousands of students asking to get the "internet" on their computers, and they have no idea what this "IP address" or "MAC address" thing are.

Re:This reminds me of my university

[afidel]

The way they did it at RIT was that you got a max of 2 semi-perminant IP's by registering your MAC with the DHCP server using an SSL web page that set up a DHCP lease for 330 days for one IP to that MAC. This worked well as the leases released themselves for the next school year and the system could be fairly trusted as you used your login and then that IP was tracable back to you. Yes you could do IP spoofing but it made it much harder than most other systems.

Re:This reminds me of my university

[GlassUser]

Right, because it's so hard to sniff then fake a MAC address these days.

Re:This reminds me of my university

[Moonshadow]

This is actually the policy at Arizona State. To connect the the network, either by hard line or wirelessly [Full 802.11b network covering campus :)], you have to register your computer's MAC address against your student ID. That way, if you hack something, they know exactly who to prosecute. You are responsible for your own hardware. If Johnny Hacker down the hall gets access to your computer and compromises the IRS, you're held responsible. Of course, most people have no clue and just register away, which means it would be laughably easy for a determined hacker to gain access to a box and zombie it, but the level of responsibility is still there.

Re:This reminds me of my university

At UCSD they require you to register your MAC to gain access to their wireless net

Sniffing

[lsoth]

I don't know who makes the NIC cards in the Dreamcast, but if it was a non-standard NIC (like 3Com or Linksys etc...)wouldn't anyone doing any sniffing at all notice a wierd MAC address (meaning the first few bytes which indicate the manufacturer) on their network?

Re:Sniffing

[topham]

Unless you have an unusual network where 99% of it is from the same manufacturer your unlikely to notice unless you start looking. I don't have the broadband adapter for the dreamcast, but I understand it uses a Realtek chipset. So, I expect it uses a similar MAC address range as the more generic cards out there. Not sure what the manufacturers id would be.

With a network of a few hundred machines and random equipment I doubt it would be noticed. Add to the fact that you won't have a mac address for antyhing except what is on your own segment...

You aren't likely to notice it unless you are already checking for non-approved equipment.

What about WAPs?

[Kakarat]

The same thing could be done with wireless access points. In fact, it would be easier since with little or no experience, someone could walk in, find an open drop, plug in the WAP, and leave. Granted that the range is not worldwide, but you can get the same results. In some situations you don't even have to enter the building to set one up. Just leave that up to some ignorant employee.

Re:What about WAPs?

[hyperstation]

...and continuing on this note, what about installations with unsecured WAP's (many)? it's possible that someone could just hide a small system with a wireless iface in some inconspicuous place. all it needs is the juice.

Yeah, right.

[autechre]

"availability of an Ethernet adaptor"?

You almost have to kill someone to get a network adaptor for the Dreamcast. I'm not even sure they're being manufactured anymore (I wouldn't think so), but there are a few on eBay; the cheapest one is $60.

Besides, as other posters have mentioned, a Dreamcast doesn't exactly look inconspicuous to me, especially if some person I don't recognise is carrying one around in my building.

Re:Yeah, right.

[JBMcB]

The Sega Broadband (Ethernet) adapter is, like most of the rest of the Dreamcast, an off the shelf ethernet chip on a PCI-to-Dreamcast bus adapter. In fact, a genius/loony in Japan made a whole Dreamcast->ISA adapter, as witnessed here.

http://www.ma.nma.ne.jp/~ikehara/dc/dcne.html

Re:Yeah, right.

[nizcolas]

http://www.lan-kwei.com/dcE/ Thats a site that has some dc BBAs. looks a lil iffy though ;)

Re:Yeah, right.

[leroybrown]

You almost have to kill someone to get a network adaptor for the Dreamcast

aha! more proof that it's not the video games that cause violence, but the actual video game consoles!

Re:Yeah, right.

[Cryptnotic]

US$109. Ouch. Curse Sega. Of course, they probably come from Japan, where you can still find Dreamcast stuff in game stores.

Nothing New

[chill]

I remember building what looked like a serial port gender changer with a wire hanging out of it, but was really an AM transmitter. Plug it into a serial port, and it acted as a radio modem sending out everything that went over the serial port.

This was back in the days of 1200/2400 baud modems. Plans for the device were in 2600 magazine. It had a range of about 500 meters, and broadcast on about 560 KHz. You needed a companion device on the other end. You could record the audio signals then decode them on your PC later. ...

On a side note. Even better would be a handheld with TWO expansion ports -- one ethernet to sniff and one 802.11b to sneak it out. Just park across the street with a laptop and another 802.11b card. Instant backdoor to the network.

Re:Nothing New

they built it already, it's known as the Newton MessagePad 2000/2100...

useful

[(trb001)]

This is, by far, the most useful use for a Dreamcast I've heard of.

--trb

Wireless

[AlgUSF]

Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.

Real Risk

[stoolpigeon]

for those of you w/real reasons to be concerned- would be that if these guys have thought of this - who else already has something much better in a nice small, concealable package.

And then think about how many businesses don't even come close to providing physical security to all the ports that connect to their network. Sure the computer room is locked- but how many cleaning people are in the offices at night? Usually if you worry about them at all- it would be that they steal, not leave something behind.

I had to do some work once at a call center for a client of ours. A large credit card company.

I pulled up to their building but it was this big glass box and I wasn't sure where the entrance was. I just walked around until I found a door. It was open and their were people standing around smoking. So I walked in. I was in the back by the break room.

I wandered around in there for 10 minutes or so until I found the front desk. When I walked into the lobby from inside the building and asked for the guy I was supposed to meet she was pretty freaked out. They brought up security people and asked how I got in, etc.

I hope my credit card company isn't that easy to get into. But I'd be surprised if its much more secure. I wouldn't be surprised it it is less secure.

Something to think about.

.

Re:Real Risk

[dcocos]

When I'd just finished college I interviewed with Wells Fargo and I assure their security was much tighter. I was pretty impressed that the revolving doors required badges and if two people tried to go through at once it would stop the door and rotate it backwards so you couldn't get in.

Re:Real Risk

I wandered around in there for 10 minutes or so until I found the front desk. When I walked into the lobby from inside the building and asked for the guy I was supposed to meet she was pretty freaked out. They brought up security people and asked how I got in, etc.

I hope my credit card company isn't that easy to get into. But I'd be surprised if its much more secure. I wouldn't be surprised it it is less secure.

Where I work at I wouldn't know an intruder from a new employee, and since I don't want to embarass myself, I just assume they should be there. I guess the solution would be name badges, but that would cut into the profits. Of course company policy says all visitors, including terrorists, must sign in at the front desk. So if I ever see a terrorist I'll just remind them of the policy.

Re:Real Risk

[handorf]

Yeah, we've got those where I'm at, too. The number of times I've caught up with the guy in front of me on my way in and said "Hey, I fogot my badge, can you scan me through?" is without number.

Also, those doors have malfunctioned at least 10 times in the past 10 months. Once it just sat there all day spinning. Anyone could have walked though.

The door is only as secure as the people who use it and how well it is maintained.

Re:Real Risk

[stoolpigeon]

I'd hazard to say the only way to have real solid physical security is to have one point of entry/exit and to have that point monitored by competent human beings.

Even then you've got some decent ways around it.

The problem is to get even half decent physical security is expensive. Noboby wants to pay the cost.

Automated systems as you say can be very buggy and pretty easy to get around when you want to.

This article just made me think of all the places that probably aren't too physically secure that have sensitive data that is about ME. That gives me reason to pause.

.

Re:Real Risk

[majestyk2000]

Out of the places I've worked, none surpass AOL (yes, that AOL) as far as physical security went. Not only was there only one door to get into and out of the building, you had to swipe a card thru a reader to open the door, which gave you access to a 'cattle chute' where a live security guard checked your ID and then buzzed open a second door for you. No crap.

Re:Real Risk

[dcocos]

Which AOL building have you been too? I've been to the headquarters in Dulles, VA a couple of times and didn't see anything like this.

This happened to me...

[FortKnox]

... so I just popped in NFL2K2 and showed the hacker who was boss!!

I imagine that it would be the same thing if....

[cnelzie]

...this was done with Windows. Although, I have to say that it would be harder, if not impossible, to perform with Windows. The reason is that you simply do not have the source-code to muck about with.

With the source code you can a variety of things, like getting the OS to run on platforms not originally intended to run that type of OS. Is it even marginally possible to get Windows to boot on anything other than a x86 or Itanium based system these days? (Note: I am only talking about modern releases of Windows, not NT4.0 and its Alpha support. This is not counting XP Embedded or WinCE/PocketPC releases, which again are limited to one maybe two processor types.)

-.-

So the commercials were right...

[Cutriss]

All those girl ninjas running around stealthily tucking Dreamcasts under their arms - They weren't trying to steal them. They were trying to deploy them!

Now I understand the tagline... It's thinking...

Re:Yes, but it doesn't mean what you think it does

[ergo98]

Is it being misused? While the dictionary definition is "together with" (which would make the posting correct as it is a game machine together with an attack tool piece of software), the popular usage is sortof a "transformed into".

i.e.

Simple nerd cum spider shooting superhero

Lowly PC cum corporate server

blah blah.

Re:Better late than never?

[hendridm]

Slashdot collects headlines from other news sites, attempts to filter out the uninteresting, and posts the goodies here for all to see.

There you go, Mr. DuMass.

Dreamcast = Bad idea, Pal - good idea

[xchino]

I agree that a dreamcast is a stupid idea. It's bulky and relatively expensive, plus it needs to be modded. I did something similar to this to prove to a company I do work for that their network is easy to hack from the inside. I used my Palm m505 with ethernet adapter, running linux with a packet sniffer hat constantly logged traffic over 1 specific cat 5 cable. The great thing aout it was I was able to hide it within a vent. So no one stole my palm to give to their kids.

Dreamcasts are VERY LOUD!

It sounds like a small jet engine running and can overheat easily with the dinky little fan. How you hide that?!

More ways - AUI transceivers

[ultima]

A Sun IPX (or any lunchbox style) system with an AUI port and a modified transceiver is much better. I use one of these as a secure syslog; in particular because you can modify the transceiver so that while it is capable of receiving data, it is incapable of sending at a hardware level. There is no way, short of physical access, to detect the machine. It's great for packet sniffing and logging -- syslog using UDP is connectionless, and works well with read-only network connections. This is also better than modifying the ethernet cable, because these modified cables do not actually work properly (the transceiver with tx pins removed will keep a valid *empty* tx signal, whereas a modified cable usually just pumps the rx'd signal back to tx, confusing the equipment into maintaining a link).

And if you can sneak in once, why not twice? Or better, equip the computer with a cell modem or amateur radio equipment (How many "wartalkers" look for that, eh?) , and dial in. No need for probes which may set off IDS systems, or outgoing packets (like ARP or DNS requests) that alert crackers to a computer's presence.

I think you cut pins 3 and 10 (on the connector to the computer on the transceiver) but that's not certain.

simple solution - distributed firewall

http://www.research.att.com/~smb/papers/distfw.htm l

Re:Why is this specifically a problem for dreamcas

[sys$manager]

I'd like to see you hide an E10k in the ceiling.

Re:Why is this specifically a problem for dreamcas

[Real+World+Stuff]

The article states that this is a "disposable solution. Their intent is a drop and go process. This is less appealing with a thousand dollar laptop or other devices with aforementioned IP stack. More dreamcast mod info here

Did it.

[Skyshadow]

Back when I was in high school (1994 or '95), we put together a small 386 -- no case, no nothin' -- with a NIC and stashed it above the library computer lab. This was pretty much just to see if we could, which as I think about it seems like the reasoning behind most of what I did in high school. Well, at least the things I did in high school that didn't involve girls.

We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.

Of course, they didn't fix the basic problem or find our little friend. For all I know it's still running up above the 'ol drop ceiling -- we were to chicken to try and retrieve it. Of course, this was a private school, so the real joke was on us (the clue -- consultants were being paid for by our own stupid selves).

Re:Did it.

[Smooth+Hound]

And now it is even easier with one of these

Re:Did it.

We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.

Dude, you should have openeded joe schmoe consulting at the same time and advertise, could have made some bucks.

Re:Did it.

[dpreviti]

haha to funny... thanks for the memories. We did something simular. Hooked up a 300 bps modem and stashed it next to a lab computer so we could dialin and access the VAX.

Ahh highschool

Re:Did it.

what was that ip ?

Re:Did it.

[LinuxHam]

Yeah, high school. Even in '87, I learned COBOL on punch cards. I don't remember what language I was learning on the "mainframe", but I also learned how to read hands typing passwords (still useful today for learning numeric passwords on door locks) When we figured out how to IM each other, the operator interrupted our class because we were "slowing down the mainframe" with our instant messages.

The CPU must've been that op's Timex.

Re:Did it.

Actually, typical mainframe was totally pathetic when dealing with IO for users, terminal IO generally had an illogical priority and could be used to pring the system to a virtual halt. (Hence PAGE based terminals.. ugly things they were).

Does anyone see

the irony that it is called a Dreamcast in this context?

ethernet adaptor for Dreamcast -- where?

I tried a while back to buy an ethernet adaptor. I was not successful. If anyone knows where to get an ethernet adaptor for Dreamcast, please post the info.

Re:ethernet adaptor for Dreamcast -- where?

[zoward]

Good point. This becomes significantly more complicated if you can't get ahold of a broadband adaptor for the Dreamcast. The last time I looked they were for sale on eBay for at least twice what you would pay for the unit itself! I just looked, in fact, and neither eBay nor Half.com had one for sale at any price.

Alternatively, you could run a coder's cable (they run about $20 US) from the serial port on the unit to the serial port of a standard PC, but at that point, you might as well just lug in a laptop. A coder's cable is a a good way to network your DC if it runs Linux or BSD, though. You can then mount a different machine as a network drive using NFS.

Re:ethernet adaptor for Dreamcast -- where?

[serial+frame]

Uggh...But it's so SLOOOW!

Just reading this article makes me shit my pants and utterly pisses me off. I was almost crying after a lame sob story from a college guy not having a computer to get online with when he bought the last Broadband Adapter at our local game trade shop...ARRGH!

Are there ANY people out there who have retired their Dreamcast Broadband Adapters, and would be willing to donate to an aspiring coder? With a Broadband Adapter, I could do things not limited to novelty, such as:

• Test my window manager on a somewhat constrained platform (16MB of RAM - the space consumed by the kernel and the initial ramdisk).
• Write an accelerated XFree86 driver using the tile-based rendering capabilities of the PowerVR graphics chip.
• Eventually port KallistiOS' OpenGL implementation over to Linux.
• Use the Dreamcast as a self-hosted development environment with an NFS mount to my main box.
• Use the Dreamcast as a simple, on-the-go replacement for my main computer.

As one would imagine, accomplishing the above would be extremely slow, as much code would have to be transferred back and forth, and many binaries would be dumped to my box for storage.

I can think of more things if you'd like. And as soon as I'm done with the Broadband Adapter, I'll pass it onto someone else who may need it.

[The above has been a rant. Thank you for reading.]

no, it wouldn't

[BlueboyX]

The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."

I laughed out loud when I read this. :>

Re:no, it wouldn't

[psxndc]

Um yeah, but if I were walking around my company and saw a laptop on a desk I would think "Oh, someone sits there". If I saw a dreamcast sitting somewhere I'd be like "WTF is a dreamcast doing here". A DC is waaaaaay more suspicious.

psxndc

Re:no, it wouldn't

[tg_schlacht]

Yes,you might think it was suspicious if it was sitting out in the open. If it was stuck up in the ceiling or taped up on the underside of the work surface in a cubicle you'd never even see it and never even be suspicious.

Re:no, it wouldn't

[Helter]

But a laptop that you can't see IS suspicious?

Re:no, it wouldn't

[tHiNk411]

Yea, I think its an awesome article, and I have a few DC's that I am going to do this to for fun. BUT......I think if someone found a DC connected to a cat5 taped to the underside of a desk, or in the ceiling, I would think they would be calling the FBI ect. to have that thing torn apart, and then find out where its tunneled to. Then if the attacker was stupid enough to have it go to his own IP then he would get knocks on the door, if he had it going to a comprimised machine then that machine would be torn apart and I hope there wouldn't have any trace to the attacker. Fun idea, but better cover your tracks HARD because if someone finds a DC duct taped in a cieling there gonna know something BIG is up, and someone that knows what there doing is behind it.

Re:no, it wouldn't

[frenetic3]

i dunno, i think even _my_ boss might raise an eyebrow at a dreamcast tucked behind the poland springs cooler next to a rapidly blinking green ethernet light.

"i don't think that's soul calibur, son"

-fren

Re:no, it wouldn't

it's spelled "sole calibur" asshole

Re:no, it wouldn't

i doubt the fbi would get involved in such a case unless you could prove there was an actuall crime committed

Re:no, it wouldn't

[Second_Derivative]

These guys have probably been playing too much Metal Gear Solid 2. I imagine they think a guy walking around in a sneaking suit and taking photographs during a big presentation wouldn't be in the least suspicious ;)

Re:no, it wouldn't

[frenetic3]

heh, no it's not :P

http://www.soulcalibur.com

-fren

Re:no, it wouldn't

[Bilestoad]

"sole calibur"

Isn't that the awesome fighting game where enormous flat fish battle to the death? Or was it the one where big shoes attack each other?

Re:no, it wouldn't

[C0LDFusion]

The war on terror gives the Government the ability to do what it likes. Slow day at the FBI?

"Sure, we'll check out the suspicious game console on the ceiling. Oooh, it's snooping, let's go find the hacker scum! *Bang bang* Oops, we shot the hacker. Oh, well, he was a terrorist and he was reaching for the AK that we're sure he owns, because hacking is terror!"

Re:no, it wouldn't

[C0LDFusion]

"As you know, the only thing that can stop a hacked Dreamcast is of course, another hacked Dreamcast. After the Shadow Moses incedent, the easy proliferation of Linux made it easy for rogue states to..." !!!

*Marines tote the DC-holding fat guy in a latex 'Sneaking Suit' to the middle of the hold*

Re:no, it wouldn't

is there some way to get information from the dreamcast without being traced? Maybe like having it send information to a hotmail address that you check only in university computer labs and library computers? When I realized the openness of most university computer labs I set up back orifice on a few to see what people were looking at. Obviously they lock them at night, but not during the day.

Re:no, it wouldn't

It's the fighting game where there is only one guy on screen.

That's nothing compared to...

[Kirby-meister]

...hacking a company with the Playstation 2 - it can scan 75 million ports a second, 20 million with effects.

Cache of the Article

[RicochetRita]

When Dreamcasts Attack White hat hackers use game consoles, handheld PCs to crack networks from the inside out. By Kevin Poulsen, Jul 31 2002 5:26PM LAS VEGAS--Cyberpunks will be toting cheap game consoles on their utility belts this fall if they follow the lead of a pair of white hat hackers who demonstrated Wednesday how to turn the defunct Sega Dreamcast into a disposable attack box designed to be dropped like a bug on corporate networks during covert black bag jobs. The "phone home" technique presented by Aaron Higbee of Foundstone and Chris Davis from RedSiren Technologies at the Black Hat Briefings here takes advantage of the fact that firewalls effective in blocking entry into a private network, are generally permissive in allowing connections the other way around. Higbee and Davis perform penetration tests, and developed their game box cum attack tool after finding themselves more than once with physical access to a client's facilities -- posing as an employee in once case, crawling through a drop ceiling in another -- but without a way to leverage that access into remote control of the company's network. "It's not that hard to get into an organization for one or two minutes," said Higbee. They chose the Dreamcast for its small size, availability of an Ethernet adapter, and affordability -- the console was discontinued last year, and now sells used for under $100 on eBay. Loaded with custom Linux-based software and covertly plugged into a spare network port under a desk or above a ceiling, the harmless-looking toy becomes the enemy within, probing the company firewall for a way out to Internet. The box cycles through the ports used for common services like SSH, Web surfing, and e-mail, which tend to be permitted by firewall configurations. Failing that, it tries getting "ping" packets out to the Internet, and finally looks for proxy servers bridging the network to the outside world. Whatever it finds, it uses to establish a tunnel through the firewall to the intruder's home machine. "Most organizations focus on the perimeter," said Davis. "Once you get through the outside, there's a soft chewy center." The pair suggested some techniques for mitigating the risk of dropped-in hardware -- restricting the LAN to pre-assigned MAC addresses, for one -- but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. The pair plan to release their Dreamcast software on their website next month, along with similar code they developed for the handheld Compaq iPAQ, and a bootable CD ROM designed to be slipped into print servers and other kiosk PCs. While useful, they note that the other platforms lack at least one of the Dreamcast's virtues. "It's innocuous. It looks like a toy," said Davis. "If you bring it into a company, they're going to go, 'Wow, look at the toy!'" What? You mean it isn't Slashdotted yet? How'm I supposta Karma-whore, now?!

Inside security is a waste of time...

[jsonmez]

Inside security is a waste of time past the doors. If I can come in and drop a dreamcast into your company, then I can just as easily, dismantle your system and take out the hard drive. Or start smashing every PC in the server room. If someone is in your doors they can do anything they want.

Re:Why is this specifically a problem for dreamcas

[Seekerofknowledge]

Exactly. This could be serious FUD or just in general bad publicity for Linux as you could just as easily leave a Win2k box or iMac or something else that big corporations love in there to do the exact same thing. But no, they make the assertion that it is Linux and Linux can be very dangerous. If "slips" like this keep happening people really will be afraid of Linux and then it's all over for us.

Cheap?

[zsazsa]

From the article: Cyberpunks will be toting cheap game consoles on their utility belts this fall

Yeah, the Dreamcast is dirt cheap. The "broadband adapter" needed to hook it up to an ethernet network? Quite pricey.

I'm sure a few people mentioned it, but...

[glwtta]

yeah, if you have random people entering your building unsupervised and plugging things into the network, you just might have a security problem, Dreamcast or no Dreamcast.

I would think much in the same way, a Dreamcast running linux can be used to seriously injure a person, but sneaking up on them and hitting them over the head with it, repeatedly. Of course that's not newsworthy, unless it's a Dreamcast running linux.

Permissive dhcp

[inkfox]

One of the biggest problems here is that so many companies are permissive with dhcp. If security is a real concern, you shouldn't be handing out IP addresses to unknown MACs like christmas candy. Having to figure out a safe/available IP address ahead of time at least makes this more difficult.

Re:Permissive dhcp

[kbroom]

Even with no IP address given by dhcp, I think it would be possible to sniff traffic via ARP poisoning.
You don't need an IP to send ethernet packets (which is where ARP lives).

Re:Permissive dhcp

[ivan256]

No it doesn't. You don't have to get an IP via dhcp, and it's easy to sniff IPs on the network to see what's valid. Switched port, with no broadcast traffic? Use a hurestic algorithm to find a valid IP on the network with an exhausted search. You can probably find a working configuration without trying more then 1% of the configuration space. Available? Who cares! Just make sure you have a lower latency to the router then the machine you're sharing an IP with. Oh, and don't forget to spoof their MAC address.

In fact, the setup we have here gives out "safe" IPs to machines with MAC addresses it doesn't know. The router is configured to not allow traffic from these addresses to access internal resources. In this case, it's actually more difficult to NOT figure out a valid configuration on your own.

Don't fall into a trap by thinking you can improve security through your dhcp configuration.

Uh-oh

[stevarooski]

As soon as I read this story, I jumped up and combed our office for sinister-looking dreamcasts creeping about the floor plugged into network ports.

Luckily, we were safe--THIS time. Those security-sapping plastic mosquitos could hide anywhere though, so maintain constant vigilance!

cum shooting?

Simple nerd cum spider shooting superhero

Well, if we apply GDB to this phrase, we "debug" it, getting rid of the "spider":

Simple nerd cum shooting superhero

and magically, the sexual connotation is restored.

heh

[Whafro]

Higbee and Davis perform penetration tests, and developed their game box cum attack tool after finding themselves more than once with physical access to a client's facilities

... he said "cum"

Re:heh

[aardwulf]

after they performed penetration tests...

Re:heh

and penetration... ...in the same sentence!

Re:heh

Higbee and Davis perform penetration tests, and developed their cum attack tool after finding themselves more than once with physical access to a client's "facilities"

More software ...

Wait until someone sneaks a modified Dreamcast into the Slashdot server rack. Linux ... check. Penetration software ... check. Spell checker ... check. Jon Katz firewall ... check. Auto-goatsex ... check. And so on ...

Still Have to Buy a DC and A BBA Adapter

[matt-larose]

Dreamcast 50-76 bucks, Broadband adapter = 120-175 bucks. Could you not do this with a 486 laptop ?

This is just a "heads up" for naive admins

[robslimo]

It's nothing new, just a practical demonstration of what every system admin involved with their network's security ought to already have in mind. The big guys (most of them, anyway) already deal with this. As a sometimes contractor to Deere and Co. (of the green tractor fame), I know that you can't get outside from their network on any port without going through (and authorizing with) a proxy. The same or similar is true at Caterpillar and a few others I've seen that you might know recognize. So, it's nothing new, but a good demonstration and reminder.

Re:Yes, but it doesn't mean what you think it does

The literal translation of cum (rhymes with room no dumb) from Latin is just "with". For example, Summa Cum Laude literally means with the greatest of praise.

Did something similar

Near where I live there is this giant uber arcard called Playdium. Instead of using coins or tokens in the machines to get credits you swipe a little plastig card with a barcode on it through a reader. This reader in turn is hooked up to a solid-state machine running MSDOS which then contacts a MS SQL server to see if their is enough credit on the card and if there is it sends an authorization to the machine.

One day we decided that we wanted to get free video games. After scoping the place out we discovered that all the 10baseT ports that the video games plugged into were in fact patched into a 3com 3300 switch and were active. The network designers I guess figured it would be easier to activate all the ports instead of making some video game tech figure out how to patch stuff in.

We brought in a laptop with a long cat5 cable and looked for a place to plug it in where we wouldn't be noticed. Jurassic Park 3 has this little thing you sit in a close the blinds so the ambient light would stay out. It would do nicely.

We watching what we could with different packet sniffers (we were also very paranoid of getting busted) and were able to bring up the Switches web management system. We discovered that the video games use DHCP to get an address in the 10.10.x.x subnet and the video games also seem to contact a master server for configuration information. ie. How much does this game cost. By this time we had been sitting in Jurassic Park 3 for 2 hours and were getting REALLY paranoid. So we decided to try something malicious. We arp-spoofed/flooded everything we could see. An interesting thing happened. When the game control units can no longer talk to their master server, they go into 'free' mode. I guess this is in case there is a network failure. They'd rather lose a bit of money than piss of 100s of people. While our little program ran, every game in the place became free. So I thought to myself, why not just unplug the Cat5 cable for a game to make it free. That doesn't seem to work. I think this is because it needs to detect a link before it will go to free mode. Anyhoo, I guess the moral of this story is to have some kind of port security on your network ports in your business. or something :)

Re:Did something similar

[Pxtl]

How ironic - Playdium is owned by Sega, I believe, and this an article on using sega gear to hack equipemnt

Re:Did something similar

[GlassUser]

So unplug the MSDOS controller instead.

As the old Dreamcast commercials said...

[da3dAlus]

"The dreamcast will then probe for ways to connect to the outside world."

Sega Dreamcast..."It's Thinking"

Re:As the old Dreamcast commercials said...

New one:

It''s hacking...

Broadband adpaters

[linuxgnuru]

One problem with this, there are a finite number of broadband adapters and just leaving a DC with one in an office is blowing a good chunk of ebay money. I've played with my DC (even made the serial cable to progam in it and got the gcc-sh) and would love to get my hands on an adapater so I can't see anyone doing this in reality.

Wouldn't it be cheaper and just as effective

[pete-classic]

to just burn a CDR that boots Linux and does all the same stuff on a PC with any of the top X ethernet cards? Set it up to stubbornly ignore all keyboard input and never display anything on the screen. Write "coaster" on it with a black magic marker, drop it in some currently unused PC and hit power/reset and haul ass. Do it at 4:50 PM on a Friday and you'll probably have to 9:00 AM on monday to own some other box on a more permanent basis.

Hell, you might be able to modify a tomsrtbt to do this and wipe (or dd if=/dev/zero of=/dev/fd0; dd if=/dev/urandom of=/dev/fd0) the diskette once the ramdisk is loaded.

IOW, this whole thing strikes me as more of a "stunt" than a "hack."

-Peter

Re:Wouldn't it be cheaper and just as effective

[Hecubas]

Heh, bootable cdrom would be the quickest way to go! There's certainly plenty of spare pc's sitting around in most large offices. Much more discrete as well. Plus, when their techies find it, more than likely they won't have a clue how to view the contents.

Don't forget to wear your gloves though, fingerprints show up very nicely on cd's.

--
hecubas

Re:Wouldn't it be cheaper and just as effective

Exactly, and with Wake-On-LAN you can boot and backdoor nearly every pc in a halfway modern office. Especially when they're configured to do a PXE boot when awakened. A full weekend is plenty of time. Imagine the DDOS you can unleash inside a large company, using all the PCs to smash the servers, especially during the backup window. I'm used to working in environs with > 5,000 PCs in a single building, too.

Uh, oh. Better post AC. Damn.

Re:Wouldn't it be cheaper and just as effective

[pete-classic]

A couple more things.

First, the article sort of glosses over the process of finding a live, but unused, ethernet drop. Many companies don't just leave these lying around, they patch jacks in as needed. (IOW, the jacks are there, but generally only the used ones are "live.")

The other is that a "foreign" MAC might be noticed more quickly.

Two more advantages for the CDR method!

-Peter

Re:Wouldn't it be cheaper and just as effective

Love your sig.

Re:Why is this specifically a problem for dreamcas

[aardwulf]

Not in this application, you can't use Win2k or iMac boxes. 1st of all, we are assuming you want $100 disposable machines. OK, I would like to know how you are going to customize a Win2k or iMac load to boot a Dreamcast system...Of course Linux will be used because you can port it to pretty much whatever you want. Not necessairly bad press, mr paranoid :)

Physical Access

[Jack9]

The primary concern of a REAL system administrator has always been physical access. The greatest security threat is employees who want to circumvent or gain access to services you monitor or install. God forbit someone actually get in the building to tamper. Why put anything in a Dreamcast? Just carry around a Dreamcast/Xbox/whatever...That IS a GREAT gimmick to get into a building. Computer ppl tend to be eccentric (ty captain obvious!). My problem is that if you are going to risk getting into the building AND LEAVING HARDWARE because so many ppl are clueless, couldnt you just grab hardware when the techs are at lunch and escape (with the large number of plausible excuses for carrying around hardware during a crisis) in the ensuing chaos?

not a big deal

Most manufacturers, Linksys especially, include a utility to test it, and to reload all the bits of the MAC. I changed some of mine to random digits, never had a problem with that. Does anybody care?

Um. Why doesn't MS have a wizard to do this?

[Elwood+P+Dowd]

It seems to me like this would be an excellent way of giving IP to idiots. Which is the business MS is in. When I first start up/install WinXP, how come they don't do the same thing for me? Everytime my dad gets a new computer for his office, he calls me and tells me to come in and configure it for him. Why aren't all devices self configuring like this?

Vegas Casino Video?

[EvilBudMan]

I wonder if you could stick on of these things in the video feed room in a Vegas casino? No one would notice it, right?

-everyone's watching MohoHAHA

I found a flaw in their plan...

[Schnapple]

...open the lid.

Re:I found a flaw in their plan...

That's a software reset. It's likely whatever they write won't honor the same standard that licensed games do.

If you really wanna f them up...

[jsonmez]

Just install windows products on their servers.

That will give you access to anything on their intranet, and cause them mayhem.

Grab the BBA

[freeze128]

You can bet that I would at least grab the BBA out of it and sell it on ebay.... Those things are like GOLD.

there is a much easier way to do this...

[edrugtrader]

it is called an email virus... you can get them on ebay for MUCH less than $100, and you don't have to buy a 'black bag' or 'crawl through a drop ceiling'

Re:Better late than never?

I think you missed the point.

Slashdot lags behind other news sites who also collect and summarize interesting news.

There you go, Mr. Chokesondick.

Huh?

[Shagg]

A pair of coders are now suggesting that it is possible, with a modified ... system ... to sneek into an office building and stick it on a network drop .. then probe for ways to connect to the outside world.

You're kidding! Wow, how long did it take them to figure this out?

In other news... banks have now been found to be extremely insecure. All you have to do is break in, shoot all the guards, dynamite your way through the vault... and you have unlimited access to all their money!!

Re:I imagine that it would be the same thing if...

[JoeD]

Why would you need the OS source code to do this?

I'm thinking this would be even easier to do under Windows - just write a little Trojan, copy it onto a floppy, and install it on any unsecured Windows box. No extra hardware needed!

As others have pointed out, it's not the fact that you can get a Dreamcast to do all this stuff that's the problem, it's the fact that you can physically get to the network.

Mod the box first

[Henry+V+.009]

If you mod the box into something black with LEDs, it might not look so out of place. Especially if you tape a while piece of paper with "67...2 Router:Smurphy" to the top (well not look out of place to the peons, anyway). Everyone will be afraid to touch it.

Re:Mod the box first

[bpfinn]

Heh, just paint your DC black and write "Cisco" on it in white letters.

Re:Mod the box first

[SkulkCU]

I wonder if anyone has modded a switch, router, or hub to contain a mini pc inside...

Re:Mod the box first

[Henry+V+.009]

I'm not sure, but those Cisco routers keep getting infected by Code Red...

Damn, though, that is a good way to infiltrate a network. Simply replace a router while no one is looking, and they're owned.

Re:Mod the box first

[Henry+V+.009]

LOL! I thought that you had written 'Crisco', and couldn't understand what you meant until I read my own reply to the guy above.

Re:Mod the box first

[jargonCCNA]

Simply replace a router while no one is looking?!!

I dare you to actually manage to get an router replaced with no one noticing what you're doing. Anyone who knows anything about what they're doing will notice that your computer probably doesn't quite have the right ports to be a router.

Re:Mod the box first

[Henry+V+.009]

Really? Have you ever installed a pci card in your computer? Notice how more ports magically appear? Now go out and buy an internal "router" -- stupid name, I know, but that will solve your port problem.

Re:Mod the box first

[jargonCCNA]

Yes, in fact, I have. Two NICs.

Besides, every Cisco router I've ever seen has been, well, distinctly obvious that it's a router and not a rack-sized computer.

A dreamcast?

[CaffeineAddict2001]

A dreamcast in an office building sticks out like a nun in a strip joint. Maybe if you hid the dreamcast in a suitcase or hid it under a bunch of papers in a filing cabinet, but not by itself.

Re:Yes, but it doesn't mean what you think it does

[ergo98]

Isn't it accepted that it rhymes with either room or dumb? I have no doubt that there are professors who try to push the former to disassociate it with it's triple X relative.

However, there is no literal translation of cum because of differences in the languages (i.e. I don't believe that you could say that it maps to a single English word), but rather the usage defines the definition. i.e. In combinations it means "together with", sort of a "acting as".

In related news...

[derinax]

A pair of coders has suggested that you could sneak into a corporation, boot a machine into single-user, and totally screw it up.

They also suggested that you could dig a hole, fill it full of gold, then you'd be RICH!!!

It's the 'sneaking in' part that has me laughing. What company isn't self-aware enough to NOT notice a Dreamcast with an ethernet connection? ("Whose is this? Anyone know?")

It is much easier and cheaper if you...

It is much easier and cheaper if you leave a self installing CD on the receptionists desk labeled "private" which contains your trojan. (and a bunch of lame poems or such). Or, if the opportunity presents itself, you can just pop it in to any available CD drive and walk away.

AUTORUN.INF is underappreciated, and rarely disabled.

Remember, fingerprints can't be left on the hub and edge of a disk, so handle with care!

Anonymouse Cow Herd

Linux Dreamcasts

Imagine a Beowolf Cluster of THESE!!!

What about using WiFI?

[Coldfusion97]

Some friends and I were just discussing something similar to this at lunch.

There is a major college right near by that has a campus-wide wireless network that's completely open to anyone with a WiFi card. We were thinking about equipping a small PC with an 802.11b card and hiding it somewhere on campus to use as a server.

During the discussion I remembered this story on techweb last year about a network server that went missing for a few years after it was walled in.

So the ultimate idea is to find someplace with a WiFi network that's doing some remodeling and hide the box behind some drywall. With no wires to trace, the odds of someone finding it are very slim.

Re:Why is this specifically a problem for dreamcas

[tom.allender]

"any machine with an IP stack"

Hey, they could use TINIs.

Java-based disposable ethernet board!

[dstone]

Take a look at the Dallas Semiconductor TINI. It's a Java runtime environment on a 72-pin SIMM, complete with ethernet, serial, I2C, parallel IO, battery up to 1 meg of NVRAM, filesystem emulated in RAM, etc, etc. You can write web or ftp services for it in a few lines of Java, thanks to the supplied classes. You develop your Java code on your PC, compile it to Java bytecode, and then FTP it up to the little TINI device. My description is not doing this hardware justice, so I'll leave some links below.

Anyways, my point is this type of device is probably easier to program than a Linux Dreamcast. It may or may not be cheaper (sub-$100). And it's a lot easier to hide, if that's the goal. I've programmed a handful of hobby projects with this board, and it's really quite amazing for the price. (Compared to trying to implement an TCP/IP stack on a PIC microcontroller, say.)

TINI hardware
TINI
TINI board resource center
more resources
DalSemi discussions

Re:Java-based disposable ethernet board!

[zmalone]

You cannot open promiscuous sockets from Java, thus making a TINI a poor choice for a portable packet sniffer. It looks like you could open connections outward from a TINI, circumventing many security systems. I have no clue whether or not ARP based sniffing requires a promiscuous ethernet adapter or not.

Re:Java-based disposable ethernet board!

[topham]

Tools exist to program the machine in assembler as well.

Circumvention method found!

[mlrtime]

1) press the eject button on the dreamcast
2) Connect to closest TV
3) Insert game of chose and a controller
4) play

Ummm

[Dephex+Twin]

So you'd be hacking your own company and keeping the dreamcast on your own desk? Remind me to never team up with you for any illegal schemes.

mark

Re:Ummm

[Anonvmous+Coward]

"So you'd be hacking your own company and keeping the dreamcast on your own desk?"

Which would be stranger:

A seemingly inactive Dreamcast sitting on my desk or a Dreamcast sitting in the server room?

Hmmm?

Re:Ummm

[Dephex+Twin]

Which would be worse:

"We found a dreamcast hidden in a corner of the server room, who knows where it came from or how long it's been here. Maybe it's an internal job? Who knows."

or

"We found Bob's dreamcast on his desk hooked up to the server. It's probably been hacking since he brought it in 3 weeks ago. When he comes into work tomorrow morning we'll have him arrested."

Re:Ummm

That's how they did it in Superman III.

Re:Ummm

[Anonvmous+Coward]

Didn't catch the part where I said that it'd be obscure enough that they wouldn't know to look for it, didja? :)

However, when they see a foreign device in the server room, that'll tip them off right away.

Re:Ummm

[Dephex+Twin]

Yes, it would be much more difficult to discover, but not impossible. And when they did, they'd know just who did it.

That's the part I'm not too keen on.

mark

Re:Ummm

[Moonshadow]

Better yet, spraypaint it black, disable to amber light, and tell people it's an external CD drive capable of reading high-density disks (Which would be technically true). Meanwhile, your CD drive is hacking the company network.

Misdirection, not obscurity.

Re:Ummm

[elixx]

If you want to go that far, why not completely gut it, and place the guts within a custom case of some sort? Think of the possibilities, a PC case, spare room inside a television, a filing cabinet drawer... nearly endless possibilities.

Re:Ummm

OMG inside an old pc case. Why not use a fricking pc then.

1 problem

[JeanBaptiste]

Finally a reason to pull my dreamcast from out of my closet! This sounds way cooler than any game I ever had for the thing.

The only problem I have is with the part about how if you brought it into a business they would think its just a game system. I would be immediately suspicious of anyone toting around a Dreamcast in this day and age. Maybe if they made this hack for a PS2, or better yet, for the XBox. Or the gamecube, Super Hack Brothers Melee...

Yet another Hacking Hardware Target

[Matey-O]

It occurrs to me that a ThinkNIC would be an equally good platform for this.

It's cheap, departmental grey, looks like a piece of network componentry, uses GPL'd software (easy to change for your evil ways), and boots from a CD.

AC in and ethernet out...

pirate school mod

[chef_raekwon]

level 2 pirate school teaches you to make modifications to your arrs, into darrs...
level 3 shows the pirater to change from darrs, to garrs....

garr, its pirating time, matey....

Re:pirate school mod

[KILNA]

Glad to see they're still teaching the 3 'arrs.

pretend the firewall isn't there

If your IT dept doens't have a policy of pretending the firewall isn't there when it comes to making network security decisions, you could have a problem in the future. It's a good policy to act as if a secure network isn't secure.

Little things like not activating ethernet jacks in empty cubes and insiting that IT know about all hubs in use in insecure locations (such as your desktop) can go a long way.

You could probably do this with a tini board.

[krafter]

I would think you could do the same thing with a tini board. They are not that expensive, the top of the line tini is $69, and come with a tcp/ip stack and are much smaller than the dreamcast, the board itself is no larger than a simm memory card.

Tini home page

It wouldn't be the fastest thing in the world but with such a small size you could put it inside of something that should be there, like a network hub, print server, etc.

Software for it is written in Java and converted to run on the Tini, but I believe there is also a way to use machine code too.

Chris (krafter@zilla.net)

Upcoming Technologies....expect them.

This type of threat is something that people have been aware of for some time. DHCP doesn't care who is acquiring a lease unless you assign them on a MAC address basis. This itself is somewhat self defeating because its administratively prohibitive.

This was a challenge with the advent of 802.11 technolgoies until 802.1X Port based authentication came along. Users now have to authenticate just to obtain access at layer 2. This can be done via various forms of Extensible Authentication Protocols (EAP) such as EAP-MD5, EAP-TLS (Micorosft Certificate Based), Protected EAP, or LEAP (Cisco). 802.1X is an IEEE Standard, where EAP is an IETF derived standard.

Future network switches will require 802.1X authentication for wired connections just like our 802.11 wireless customers. No authentication, no access to the network! Servers or non-802.1X capable clients would require the individual switch ports to be configured with MAC Address filters to maintain security. A client successfully authentications via Layer 2 802.1X, then they acquire a Layer 3 IP address via DHCP.

I expect this to be confronting us very soon.

SoyBomb
http://www.the-space.net

Social Engineering

[Erwos]

It strikes me that people have generally ignored a very valuable tool of hacking: social engineering. Kevin Mitnick proved its prowess, and we've all heard of him, no? A DC is technically feasible, but falls short on the social engineering front.

So, I propose that instead of using a relatively conspicuous DC, or even a laptop, you buy a TINI computer:
http://www.ibutton.com/TINI/hardware/in dex.html
And then modify it into an old Cisco plastic shell. Write something like, "Cisco Network Load Balancer" or something (in a believable fashion), slap it in as close to the server room as you can.

The issue here is not "can I crack people's networks from the inside?" but, rather, "can I _keep_ cracking the network for more than a couple weeks?" You think to look at a laptop or DC for a network spy, but who bothers to look at some random piece of Cisco hardware in a corner? I'd say the risk of discovery becomes far lower - and with TINI, you could theoretically put together a "button" that would wipe the contents of the device if it was moved.

Just an idea.

-Erwos

Methods of prevention...

[evilviper]

There is really very few ways to prevent such an attack. (I've been thinking about this for some time). Even if you had MAC-Address filtering, a drop machine could be configured to learn MAC addresses, and take over the MAC and IP when that MAC is no longer present on the network (is shutdown).

The best way I could think of locating suspicious activity, is to setup a machine in the same range as the important servers... And investigate any connections to it (as no one should be connecting to it). This only stops the more active attacks though.

To sniff data off the wire, you only need to be getting an electrical signal. You don't need a MAC or IP address. To prevent this kind of sniffing, you would really have to go around and verify that the each active port (on the hub/switch) corresponds to a machine that should be up and running.

However, in a microsegmented network, where each network interface coresponds to a port on a switch, listening to the traffic on one port will not yeild much. So the sniffer would have to flood the switch with MAC addresses, or forged ARP replies. That kind of thing could be picked up if you monitor your switches.

So the point? Use switches directly to the computers anywhere remotly important... And protect your uplinks (links from switch to switch, switch to router, router to router) so that no-one can tap into them.

Of course, all this requires an incredibly great deal of manpower, and administrative vigilance. The real solution is to use IPv6 (or IPv4 with IPSec) since it encrypts all traffic.

Imagine not

[reddog1]

If you hid the wire and just had it sitting there or under a desk most people wouldn't think twice about it. Heck even with the wire mose people wouldn't think twice.

a wireless access point may be better

[Blaze74]

Why not just drop in a WAP, and then connect in from your laptop outside the building. Some Wireless access points can even run linux

I don't know about *your* office...

[MissMyNewton]

...but around *mine*, a Dreamcast would be noticed REAL quick! :-)

This was never meant to be "news"

[bababooey]

These guys gave a talk at Blackhat, and posted their work to dcphonehome

The idea grew out of the linux dreamcast distro and is currently being ported to several other platforms (pc, iPaq, etc.)

--bababooey

OUR not ARE

[jcoleman]

Good spelling and grammar should be a mandatory requirement for all posts to any website. I can't believe Hemos didn't catch that. No, wait, yes I can.

Re:OUR not ARE

[lowy]

Also, the first line should read "A pair of coders is now suggesting..." since 'pair' is singular.

more useful

[hitzroth]

Mine is a door stop.

Mutter.

[serial+frame]

I would kill to have the Broadband Adapter so I, myself, could continue my Dreamcast development. I no longer find it fun to wait for about an hour for the serial slave to upload code AND emulate a CD-ROM drive. And when I do not have time, I'm forced to go to the store and spend money on CD-Rs that would probably be turned into coasters throughout the development cycle.

Sure, the Dreamcasts are perhaps disposable, but the Broadband Adapters available certainly ARE NOT. There are people who have far better uses for them than to see them trickle away. Buy a uCsimm kit. They are much too small to even be noticed, and fit nicely above a ceiling tile. If one so desires, it could probably also be placed in a child's toy.

Re:Mutter.

[serial+frame]

I'm sorry. http://www.uclinux.org/

Re:Mutter.

[Kredal]

If you need a broadband adaptor, look above the second tile on your left when you go to work tomorrow. It should have a Dreamcast attached, too. Enjoy your new dev platform! (:

Re:Mutter.

[serial+frame]

Thanks. That was a refreshing reply.

Means of infiltration ...

[stekylsha]

I've seen a lot of comments about "sneaking in" and that the DreamCast would stick out. The fact is it's far to easy to get access to a company's network. I don't remember where I saw it but a couple years ago I remember reading a great article about this very subject.

The article reported that the easiest way to break into a company's network was from the inside (obviously). But the way to do it was to dress/act like a technician. They were rarely challenged and were able to place devices on the network in inconspicuous locations. How many people check the wiring in the ceilings? How often do you or the Sys Admin's do that?

I've personally seen this a number of times at various companies I've worked at. Someone wondering around with a ladder and looking like a technician and everyone ignored him. Luckily he was a technician but he could have just as easily been an evil network sucking infiltrator. The fact is if you look like you belong, most people won't question your existence.

So to sum up; put on a technician's outfit (complete with little logo thingy on the overalls), tell the receptionist your there to fix something, place DreamCast in ceiling or under counter or someplace discreet, receive packet dumps. Easy, huh?

Steven
Carpe Tunnel

Re:Means of infiltration ...

[Control-Z]

I've been told by a person who did phone systems that all you need is a metal clipboard, a few pens in your pocket, and a thoughtful look on your face and you can pretty much go anywhere in a typical office. :)

IPSec AH

[Jeremiah+Cornelius]

Here is a GREAT reason to use IPSec with AH for ALL connects in your application/DB LAN segments.

Almost trivial with Windows 2000 and Global Policy Templates.
Very doable with the IPSec and LDAP upgrades in Solaris 9.
Key management is still a Royal PITA on other platforms.

Interesting application of an old idea.

[Nonesuch]

The concept is not new. It is interesting that the cost of hardware capable of such a task is much lower, and the use of a gaming console is a novel idea.

I see two major drawbacks to the use of a "Dreamcast" in this role-

1. Moving parts. Stick a dreamcast above the suspended ceiling (often also an air plenum) not only violates fire codes, but will fail prematurely due to dust.
2. In a corporate environment, a big boxy dreamcast is going to stick out like a sore thumb.

Re:Interesting application of an old idea.

[swv3752]

If the dreamcast is in a viewable area, and such things are not common.

Between those two caveats, it is very likely that such a device can sit unobserved for a very long time.

Some one else mentioned doing something similar with a bootable cdrom or floppy. With a little social egineering this could be even more workable in many enviorments. Take an office pc and setup headless in a closet or quiet corner. Tape a sign on it that says "Important, Do NOT Disturb". In a medium to large environment, no one is likely to do anything about, particularly if you do not take a pc that someone is currently using.

Whereas an xBox would...

[Frank+of+Earth]

... just search for your address book in Outlook and send all the p0rn you forgot to delete on your laptop to your boss and all your coworkers.

wretched hive of scum and villainry

[kin_korn_karn]

you know you're all terrorists for even discussing how to do this, right?

The only thing that would be more incriminating would be to bow to Mecca in front of an FBI agent.

A simpler, cheaper alternative

[dstone]

Don't waste your Dreamcast! If you have physical access to the building, desks, etc, then why not just jam in a bootable floppy and reboot an unattended machine to:
1) port and service scan
2) send out results via http/ftp/ping/email/etc
3) wipe the floppy clean
4) write an innoculous text or word document on the floppy
4) reboot the workstation again

This leaves nearly zero physical evidence that there was an intrusion. Just an abandoned floppy and a rebooted machine.

Sure, you _might_ get past building security with a video game console in your bag. But I guarantee you'll get in with a floppy. And would you rather be caught plugging a floppy into a workstation or a video game console into the network?

And you'll still have your Dreamcast at home, running DCMAME!

Re:A simpler, cheaper alternative

[yokem_55]

This type of thing though is usually prevented by the sysadmin by having a supervisor password in the BIOS, and the bios be configured to only boot from the local hard disk.

Re:A simpler, cheaper alternative

This type of thing though is usually prevented by the sysadmin

Replace "is usually" with "technically could be" and you're correct.

Re:A simpler, cheaper alternative

[Darth_brooks]

bzzzzt wrong answer hans.

My current place of employment cares just slightly more than dick about system security. The upper network isn't bad, but the local machines blow.

even so, the BIOS is password protected. The easiest act of vandalism is to set a BIOS password, so the techs beat the vandals to the punch. As long as they were there, they opted to change to boot order as well. Pretty common really.

Mod above Funny, not Interesting

[sqlzealot]

He is clearly making fun of modding devices for obscure purposes. sigless

Shhhhhhhh....

[Asprin]

....it's thinking.

That, too

[drew_kime]

This was pretty much just to see if we could, which as I think about it seems like the reasoning behind most of what I did in high school. Well, at least the things I did in high school that didn't involve girls.

Admit it. Most of what you did with girls was just to see if you could, too.

Please learn how to master 5th grade english

"are networks neet to be secure"

GRAMMAR PEOPLE! Sheesh.

dictionary.

sneek ? You mean sneak.

Editors should EDIT.

Re:Why is this specifically a problem for dreamcas

Slipping a dreamcast into your briefcase is less suspicious than hauling around an Imac.

"Don't mind me, I'm just carrying around this Imac!"

Another cool use...

[psypete]

would be to take any one of the many fine open-source custom dreamcast games and tools and patch it to use this intrusion tool; when someone loads up the vcd player, or the snes emulator, or tries to play quake online (i forget if it includes network support but any other game requiring broadband will do), they'll actually be helping it do its job. Of course, this assumes they plug in the broadband adapter.

Side note: i'm thinking of porting a linux distribution to dreamcast, and Gentoo looks to be the easiest (installer can be easily modified to compile its bootstrapper for sh4 architecture). Anyone think a specific distro could go to dreamcast easily? Is anyone else working on this?

And the terrible grammar

The grammatical mistakes make this article painful to read. Perhaps the submitter tried so very hard to be the first to post this and didn't bother reading what he wrote? Maybe so. In such a case, isn't it lucky we have Editors to clean it up! Phew!

Oh.

So what's the cheapest computer...

onto which one could load a reasonable number of probing tools to do this sort of thing?

I'm guessing something from the uClinux project, although that would probably stand out like a sore thumb compared to an old laptop.

Re:Why is this specifically a problem for dreamcas

iMac is a computer. Dreamcast is a computer. Win2k is an operating system. Linux is an operating system. Mac OS X is an operating system. Hope I've cleared that up for you.

Thought of doing it

[swb]

I've often thought of doing this myself where I get paid to work, not so much to sniff passwords but to have a little back door should I decide to leave. It'd be trivial to stash a laptop or other device in a little-used ceiling space and run a drop directly to a patch panel.

More challenging would be setting up a way to get the machine to periodically reconfigure itself to get out of the office network and establish a tunnel to the outside that could be used to get back inside.

The way that occurs to me is to have it load a public web page periodically and parse out the destination IP and then have the "automaton" search for ways out of the network to a destination host set to listen for tunnel attempts from the automaton.

I'd imagine you'd have to come up with really clever ways to get out of heavily firewalled/proxied business networks, some really don't allow any random end nodes to get unfiltered/proxied packets out of the network. Best way would be to tap into a fax line and have the machine periodically dial out, leaving a more clever human to fix any dedicated network tunnel.

I'm not sure what I'd *do* with a host if I had one, though.

Re:Thought of doing it

[Skyshadow]

I'd imagine you'd have to come up with really clever ways to get out of heavily firewalled/proxied business networks

Maybe in 1995 this would have been a problem, but in 2002 this is pretty easy -- just add an 802.11 card to your rig, configure Linux properly and you're open for bid'ness (assuming you're close enough to an exterior wall). If I were to do this today, I'd be able to sit on a bench outside the school and connect in.

The way we did it in 1995 was to just email the data to a anon email account (which I got through a local BBS, of all things) once a day. You could also just telnet in if you were on the network.

Why keep the DC case?

[ictatha]

If you're going to go this far (taking a DC into {company} with the intention of getting access to their network). Why not go to the next step:

Strip the guts out of the DC, hollow out a large reference book (one appropriate for the business), make discreet entries into the 'book' for the cables (a book with cables running into it would be suspicious, figure out a nice way to do this), then put the DC guts in the book.

Re:Why keep the DC case?

hopefully the book you hollow out isn't "Preventing Consumer Electronics From Bursting Into Flames For Dummies".

small package

[DigitalDragon]

who else already has something much better in a nice small, concealable package

Don't know about you, but this sure does sound funny to me. :)

Re:How is that going to work? - Time to hack sega!

[Psx29]

A dreamcast wouldn't be so suspicious in the corporate Sega headquarters now would it?(*evil snicker*)

the toy in the corner

[binarybum]

"If you bring it into a company, they're going to go, 'Wow, look at the toy!'" ...And then what?? stick their thumbs back in their
noses? This seems to be exactly why a dreamcast would be the worst thing for this. Somebody would go on ebay buy some controls and the next day the company stock would go down because they'd be having competitions in the lounge after they got it to play games or they'd get pissed that it was too hacked to play games and they'd chuck it.

It would seem the best thing would be a box disguised to look like a hub or a switch, nobody is going to yank that out, and if someone patches their system into it, the fake hub could be designed to crack into that system as well.

Extra Humiliation Factor

[duck_prime]

[How is this any different] from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

Well, there's the extra humiliation factor... Imagine a bunch of IT boys from different corps going out for a beer:

BOFH1: Yeah, I got 0wn3d today by a massive distributed DOS attack from thousands of zombie machines across the 'net.

BOFH2: Ha! That's nothing. I got r00t3D when someone compromised the latest openSSH source. That woz pretty elite.

BOFH3: (mumble mumble)

BOFH2: What was that?

BOFH3: [sobbing] An iPAQ! I got H4x0r3D by a fucking iPAQ, okay? Are you happy now?

BOFH1: What a l00zer.

BOFH2: Good grief.

DC cooling

[Yakko]

You are incorrect about the "water cooling" of the Dreamcast. My Dreamcast (purchased May 2001) has a small and noisy fan in the right-front corner. It's air-cooled. I'd like to see pics of any water-cooled DCs :o)

There's a big aluminum plate sandwiched between the GD reader/PSU and the mainboard which acts as a heatsink for the PowerVR2 and SH4 living beneath.

I do agree that the GD reader mech is noisy all by itself, but most of the ambient noise comes from that small fan.

Re:DC cooling

[psypete]

i apologise, it appears i was incorrect. originally the dreamcast was supposed to be water-cooled, but i guess i never checked it when i got it to make sure. still, i really really really hate the GD-ROM. anyone wanna mod a normal fast cdrom drive in there, or even *shudder* a dvd-rom drive?

Re:DC cooling

[Gizzmonic]

dreamcast "GD-ROMs" are stock yamaha CD-ROMs with a firmware or bootstrap program that tells them to only read GDs (this is easily defeated however)

On a related note, the Nintendo gamecube is a stock panasonic DVD mechanism. Sega and Nintendo can't afford to mass manufacture custom drives...hey, even Sony and Microsoft don't do that...

Re:DC cooling

dreamcast "GD-ROMs" are stock yamaha CD-ROMs with a firmware or bootstrap program that tells them to only read GDs (this is easily defeated however)

Maybe the new ones or something.. but the old (more common) Dreamcasts didn't have any "bootsrapping" whodinglers or anything.. you just stick in a CD-R of the game you downloaded from alt.binaries.dreamcast and play away.

Re:DC cooling

[zerocool^]

Dreamcasts didn't have any "bootsrapping" whodinglers or anything.. you just stick in a CD-R of the game you downloaded from alt.binaries.dreamcast and play away.

You're actually behind. The CD's you download from a.b.dreamcast already have the bootloader on them. That's the 2nd gen rips. The first gen were GD's or whatever that had been converted to bin/cue's. You had to put a dreamcast boot disk into the drive and then this picture of a dog would appear and then you open it and insert the downloaded game.

Google search for "Utopia Boot Loader".

Dreamcasts have always had this copy protection, and to my knowledge you haven't been able to just copy a disk with something like cloneCD and expect it to work without modding the DC. It's just that the later games eliminated the need to load the boot loader on a seperate CD.
Some games you still have to load that way, i.e. Echo the Dolphin is about 701 megs, no room for a bootloader.

~Will

Security research project addressing this issue

[Ryu2]

Check out the SPINACH project at Stanford: http://mosquitonet.stanford.edu/publications/spina ch.html

It's designed to precisely address this issue by limiting network access from hosts whose Hardware Ethernet addresses are unknown to the local subnet only (not past the router) until it is authenticated (by some password or other scheme). Thus, if you put a Dreamcast on a SPINACH network, it could only reach hosts on the immediate subnet, unless you spoofed the MAC address or something...

are networks or our networks?

[Mantorp]

dang voice recognition software I'm shore.

Here is a number for you to remember

[bogie]

1-800-97-Legal. Its the number for Jacoby & Meyers because your going to need them after your arrested for "leaving a little back door".

For anyone else thinking about doing this, don't be stupid and please use a little common sense. If you do something like this and get caught you will not only pay a huge fine like $10-25k minimum, but could easily end up in jail.

Re:Here is a number for you to remember

I don't think they plan on getting caught, that's the whole point. I agree, don't be stupid and use a good amount of common sense, that way you're less likely to get caught. :)

Re:Here is a number for you to remember

one: I'm sure that there is statute of limitations on this. After all it was done in 1994 (8 years ago) and the school knew about it.

two: chances are he did it as a minor.

three: the law on computer crimes in '95 wheren't as draconian as they are now. He would be held to the laws of 95. (at least in the US that is)

OTOH: anyone doing that now ...

Re:Here is a number for you to remember

[JatTDB]

Just a little note...most people who do illegal things don't plan on getting caught.

Firewalls and the false sense of security.

[Restil]

This demonstrates one of the biggest problems with firewalls in practice. It allows a network administrator, and all the users on the network, to have a false sense of security about how vulnerable their network is to the outside world. As the article stated, once you get through the rough outer coating (the firewall), you pretty much have the run of the place.

The firewall should be used for two primary reasons. First, because you don't trust the internet. This makes perfect sense to almost everyone. The second reason, is because you don't trust your users. After all, if you trusted all your users to keep the machines secure, the firewall probably wouldn't be necessary. Therefore, its in your best interest to not allow carte blanche access to the internet from the inside, just as you don't allow open access from the outside.

Of course, at the same time it needs to be secure, it also needs to be convienent. If someone has to jump through hoops to find a webpage or read an email, the entire purpose of having those services available is lost. At some point you need to trust your users, even if they can't be trusted. So minimise the damage a single user can do.

If a user gets a virus, how far can that virus reach? Can it infect the entire network, or will it be isolated to the local machine, or to a specific account. What happens if a password sniffer is installed somewhere on the network. Will it be able to obtain any useful information? Are the machines tripwired to detect any modification of key utilities? Are there live network connections that are unused? Do you use static or DHCP addresses? Some of these features might make life easier for the sysadmin, but they also make it easier for a trespasser.

Of course, many of these problems are addressed only with hindsight. If someone wants to get onto your network badly enough, they will probably find a way. The important thing is that if and when it happens, you can detect it immediately, minimize the damage they can possibly cause, and immediately fix the problem that allowed them in in the first place

-Restil

Troll?...

Sure a dreamcast is cheap if you can find it..But do you honestly think you can find a dreamcast Broadband adapter cheap? ($100-200 on Ebay).

If you already have this u are ok... But if you are going to try it GOOD LUCK.

get real
-=P=-

Fine with me!

I see a Dreamcast or an iPaq just sitting around at the office I'm taking that baby home!

Woot! Fa fa fa hackers try again!

Re:Why is this specifically a problem for dreamcas

[snookerdoodle]

Not only this, but two recommended practices (and EVEYONE does this, right? ;-) would stop it from doing anything:

1 - don't light up unused ports
2 - use switches instead of hubs and there'll be nothing to sniff...

Mark

Neat idea.

[TheSHAD0W]

But if you've got a budget for the job, use a palmtop. A Windows CE machine would fit into a tight space, and you'd never notice it.

Oh yeah, and if it HAS to be Linux, some palmtops will run it, too.

Something Smaller

[aaarrrgggh]

Well, they have things smaller that can do much of the same.

Check out the uCsimm. Onboard ethernet, serial, etc. All you need is a 3.3v power supply and you are good to go!

Only limitation is 8MB of RAM and a Dragonball proc, but...

Easy (but tiring) way to fix this security problem

[acoustix]

Just configure the network switches to accept only certain MAC addresses on certain ports and that should end the problem of people putting "rogue devices" on your network.

However, for companies who do not do this already it will be a substantial investment in time to set up something like this.

Any other thoughts?

Clipboard

[theLOUDroom]

It's been said that:
With a clipboard, a dress shirt and the right attitude you can get anywhere.
From everything I've seen, I believe it.
Security just isn't taken seriously by most people.

Kind of a non-issue ...

[Eric+Damron]

Except to say that we should secure the physical access points to our networks. Of course if you allow strangers to plug into your network they are going to be able to find a way to talk to the outside world.

Most TCP/IP networks nowadays runs DHCP so just plugging in will usually get you a valid IP and from there you can pretty much guess the gateway or sniff it out. The important thing is not to allow unauthorized people to plug-in in the first place.

Most compromises are not high tech. Most compromises are a result of either a disgruntled employee or an employee that foolishly gives out password information.

Maybe the hacker calls a company's I.S. shop and says that he's from Cisco. The router is having problems and he needs the logon password to fix it. Or maybe a hacker just walks in to a large building with a laptop, RJ45 cord and big balls. He plugs in and starts sniffing.

We have a Group of people in Washington State Government that goes around and tests security. One guy told me that once he walked into a Department building, plugged in and was sniffing usernames and passwords. Someone asked him who he was so he gave them some bogus story and they asked if he wanted coffee! So he sat there eating their donuts, drinking their coffee and breaching their security!!

XBOX is better

[theLOUDroom]

Yeah, but I haven't done that yet beacuse I'm still waiting for someone to get linux running on the xbox. It's much bigger and heavier.
In the meantime I'll keep bludgeoning people with my C64. It's got a pretty good reach and I hear it can be turn into a webserver.

Coming to DefCon, misc. comments

I believe that these guys will be presenting at DefCon

As to comments regarding putting a laptop on an internal network, think about it. How much cheaper is a DreamCast than a laptop? If it's discovered, you might be out $50 ... compared to losing a laptop or a wireless access point, it's a cheaper solution.

Nifty hack, I'm looking forward to seeing their presentation this weekend.

Re:Why is this specifically a problem for dreamcas

[m_ilya]

use switches instead of hubs and there'll be nothing to sniff...

It isn't true. See Intrusion Detection FAQ

Tired Trick

I can remember designing a 68000 based computer with ethernet chipset from scratch at University; as I had complete control over the chipset; I could make this thing look like any PC that was already attached to their network, MAC address and all. With the full flexibility of the hardware at your control, defeating most in-house security measures is a no brainer. As for current candidates for this kind of attack, I would say that you would go a long way to beat using intrinsycs, Cerfcubeyou must be able to hide that in a wall cavity.

WAP's or Dreamcast Hacks

Ok If I was a hacker and wanted to get into xWZ Inc.

The dreamcast would be a bit of a streth. But it does demonstrate a very good point. If a dreamcast, seemingly inocent device, can get past the firewall then so can just about anything.

Although, the argument of dropping a WAP next to a window is much more persussive.

Only real solution is setting up DHCP to only give ip addresses to the MAC Addr. that are defined. Or employee some other technique to filter out unknown MAC addresses.

Of course we all know that MAC addresses can easily be spoofed.

If I was xWZ hacker, I would try to slip a backdoor on someone's PC, who might have walked away from there desk. Then I would sit and wait for my unsuspecting friend to establish a connection.

Of course I am not a hacker. But, I do know far to many IT managers never listen to us low life IT techs. They seem to think if they throw enough time and money at FW-1 that everything will be secure..

This is very simple.

The DC is very small, very easy to hide. You can put it in anything. For example. Find a cheap UPS. They are out there. I've seen some of the new ones for 24.95. Stick ANYTHING inside those things. They are HUGE once you take out the batteries and wire it direct to just be a surge protector. More to the point, you can hide almost any device inside one of those things. its HUGE. And noone would really suspect it.

PC Bootable CD with BSoD display

[rick_campbell]

Since these guys are already doing bootable CDs, they could do one for a generic PC. Have it put up a VGA Blue Screen of Death mock-up as early as possible and then target machines that look out-of-the-way and/or unused, especially older looking machines.

Lots of places that I've been have these sorts of boxes sitting around because they become unused gradually. I've seen machines like this display BSoD for weeks on end before anyone bothered to either reboot them or turn them off.

With this approach, the total leave-behind hardware investment is $0.25 for the CD-R.

Everyone's doing this on Dreamcasts...

[lsd4all]

I ust picked up a Rio MP3 Reciever. It has a built-in ethernet jack and a nice dial and buttons so you can scroll through your latest exploits to perform on compromised networks.

Re:Why is this specifically a problem for dreamcas

[MonkeyBoy]

I dunno about you, but I tend to walk around work with my eyes taking in the full scope of walls. An ethernet cable snaking up and into the ceiling, anywhere, will catch my attention.

Then again, maybe I'm just a little bit paranoid since at my employer's last building we had cables running up and down walls all over the damn place - not much choice when people are packed in like sardines and there aren't enough close-by ports to meet people's needs.

Now that we're 4 months into a new building, with enough ports to go around (and the financial wherewithal to have more drops installed when we've needed them), I have to keep an eye on the little monsters who are used to the idea of stringing cables -- that way they don't have to plan beyond today.

Wouldn't it be ironic...

[NeuroManson]

If they used a Dreamcast to crack Sony's corporate office network?

Or at least to introduce new "leg lifting" behavior models to their Aibo software...

The most dangerous protocol: DNS

DNS is one of the things that almost all firewalls either let through or proxy. You can tunnel anything you want over DNS messages. If they are logging stuff correctly it would look pretty suspicious but they might not notice it.

Re:How is that going to work? - Time to hack sega!

These days? Yes...

More trolling by the computer press...

[rakslice]

Sure, on-site network security is a problem too.

But sniffing with a Dreamcast? Ethernet adapters for the dreamcast so rare as to sell second-hand for double their original list price or more... That would total to $250+ including an ebay-purchased DC, for a system with extremely limited local storage that wouldn't do anything more than an old 486 or early pentium system I could buy at a garage sale for $30 could. And well-hidden network and power connections mean that you'd pretty much have to put it in a ceiling or wiring closet anyway; I can't see how the somewhat smaller size would matter much.

Yes

[SeanAhern]

Well, I know I'm in the minority here, but as an employee of Lawrence Livermore National Laboratory, whose security rules come from the U.S. Department of Energy I can say that all of our janitors have a background check.

Your numbers are a bit screwed up...

[rakslice]

>Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts.

If you can get me 4 dreamcast ethernet adapters for US$300 (even without dreamcasts to go with them), I'll buy them off of you right now. Dreamcast BBA's are selling on ebay for $100-$150. You can barely buy two dreamcasts with ethernet adapters for $300, let alone four.

Why would you be spending $300+ anyway? An obsolete yard sale notebook should do the trick, and I can't see one setting you back more than $150.

Not really.

[Inoshiro]

Many locations use static configurations loaded from a remote server. If the company really likes security, each system would have a burnt CD for booting + a remote share for home directory data. Or a mainframe style setup with thin clients.

A small, low power, low noise, inexpensive box that can be placed somewhere in a building that will find its own way is very much a sophisticated solution, much more so that a trojan attack.

MAC filtering?

[cant_get_a_good_nick]

My supervisor tried to plug in his brother's PC into the net, it shut down his access port. Then he plugged it into my hub, shut down mine too. Had to call one of the LAN guys to reset all ports in my office. I'm not sure if they filter by allowed companies and all NICs have to be Intels or whatever, or they have a complete table of allowed MAC addresses, but either way this wouldn't work on my network.

Who edits this stuff?

[d2htornado]

"Just a reminder that are networks need to be as secure on the inside as they should be on the outside."
"ARE networks?"?!?! Jeebus. Just because someone submitted it that way doesn't mean you need to post it like that. Fix the shit, for God's sake! Make it look like you have at least a 6th-grade education!

Wrong Reminder

[RhettLivingston]

This is just a reminder that we can never be secured in any part of our lives by technology. The only path back to a secure society is the path that leads back to teaching people that noone is responsible for their actions but themselves and that intentionally irresponsible actions will be punished according to the effect of the action even when the effect goes way beyond the original intentions.

Re:Wrong Reminder

[d2htornado]

"that noone is responsible for their actions but themselves"?!?! Don't you "mean no one"?! Again, see previous post and at least try to make it look like you have a 6-th grade education!

Re:Wrong Reminder

Uhm, could you try and be more of a flamer. I surf at -1 just so I can read lame ass posts like yours which have nothing to offer, but your own pent up rage at your inability to get laid. Give the guy a break go get yourself a nudie mag take it to the bathroom spank it until your eyes feel heavy and come back when you can offer more to the discussion that some slack jawed comment about something that was obviously a typo.

OT: Re:Because of the footprint and cost...

[C0LDFusion]

Could you please post a link or give some info? I could use several 486 Laptops.

Server 54, Where Are You?

The University of North Carolina has finally found a network server that, although missing for four years, hasn't missed a packet in all that time. Try as they might, university administrators couldn't find the server. Working with Novell Inc. (stock: NOVL), IT workers tracked it down by meticulously following cable until they literally ran into a wall. The server had been mistakenly sealed behind drywall by maintenance workers.

Mayhem (www.linuxathome.net)

Re:Server 54, Where Are You?

[d2htornado]

WHAT THE FUCK DOES THIS HAVE TO DO WITH ANYTHING?! "Slashdot requires you to wait 20 seconds between hitting 'reply' and submitting a comment." God Damnit, I'm sorry I type faster than the average bear!

Why bother?

[twitter]

Why bother with a whole install? If you get access to a machine like that, why not just drop in a DOS root kit? The mahine's owner would never be the wiser.

When you get down to it, most crackers would be ashamed to have to WALK someplace. Surely you could just mail some Outlook crack and have access that way? Once you own one machine, you can own them all, and I suspect most corporate machines are indeed owned this way. Think M$ will ever get a clue? I don't.

Then again, by the XP license M$ has a root kit all their own. IEEEE! My desktop is not MY desktop! Nor is it my company's desktop. It belongs to M$.

Rip off the Sega label, leave a note

[Tenebrious1]

Paint the DC flat black, print up a fancy label like "CyberIntelliScan 2000X". Use chalk and scribble "DEMO UNIT".

For the finishing touch, tape a handwritten note saying:

"Network Optimization Scan- please don not touch- Joe", using the name of the director of the IT department.

With luck, any hapless admin who sees it will think it's just another fart-in-the-wind product the PHB is testing out for his brother's company, and not pay any attention to it.

Re:OT: Re:Because of the footprint and cost...

[dohcvtec]

The place is called Comprenew. They are located just North of Grand Rapids, Michigan. On their website, they don't have the really low-end (cheap) stuff. If you go to the PCTC link on their site, it will give you an idea, however. The place itself is just a warehouse full of equipment that companies wanted to get rid of. There's some very unique stuff there. It's fun just to look around and see some of the obscure items they have. The cheap laptops aren't listed on the website because they only get one of each item usually, but if you talk to the people there, they might be willing to ship you one; N.B. everything there is strictly as is, although if you go there you can try anything out.

This is a problem because... ?

[Mozai]

Cripes. Doesn't every sysadmin monitor their network for new ethernet devices? I mean, all it takes is:
# /usr/bin/nmap -sP 192.168.0.0/24; /usr/sbin/arp

Save it to a file, and check frequently for changes.

I'm a bit stunned that something like this isn't ubiquitous.

Re:Why is this specifically a problem for dreamcas

[Alex]

Brings a whole new meaning to "not supported", ;-)

Alex

Dreamcast $40

[Cyberllama]

Are you sure this would really be chaper?

Why a dreamcast...

The reason its important that its a dreamcast, and not a laptop or whatever. Is simply that it is a dreamcast, and childs toy, not made so it could do anything like this.

Its kinda like someone 'modding' a pc case into a moter bike. The thing what would be amazing about it would not be that you can use it too ride, but instead that he is riding a pc case.

Attack of the Dreamcasts

[leoaloha]

Just proves that you need to maintain vigilance on your network. I maintain a network for a Transit Authority and use several tools that actually look for new devices on the network, duplicate IP and MAC addresses and so forth. If it trully probes for a way out to "phone home" so to speak, I got him. Now passive listening -- different story.

Re:Dreamcast $40

[greg_barton]

> Are you sure this would really be chaper?

Well, given the posts about ethernet adapters for the dreamcast costing $150, probably. Regardless, the cost will be pretty similar.

EPIA 5000 board, with processor (runs fanless) $99
64MB RAM $11
16MB CF card (for boot media) $15
145W Power Supply $25

Total: $150

You can use a cardboard box and duct tape for the case. :)

The EPIA system also has the advantages of being standard hardware.