Attack Of The Dreamcasts
kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."
Someone strolls into the office, notices a dreambox in the corner... and they say "Hmmm, that is normal, I'll just ignore that"... hehe
More likely that they would say "Cool, let's see what game is in it!"
"CPU's Don't make mistakes....They just miss a few cycles sometimes..."
"Higbee and Davis perform penetration tests, and developed their game box cum attack tool"
Did I read that right?
I'm pretty sure that someone would notice a dreamcast system sitting on their server rack. However, if you hide it behind a wall, it could sit there for years!
Wyatt
Karma: Marginal (mostly due to the border around the website)
...if someone came into my house and dropped off a dreamcast! :-)
-Derek
Been to Pirate Training School?
Replacing 'our' with 'are' is a very common pirate thing to do. Of course, even that was slightly misspelled since 'arr' is the most correct usage, matey...
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
... so I just popped in NFL2K2 and showed the hacker who was boss!!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
All those girl ninjas running around stealthily tucking Dreamcasts under their arms - They weren't trying to steal them. They were trying to deploy them!
Now I understand the tagline... It's thinking...
"Mod, mod, mod...and another troll bites the dust."
I'd like to see you hide an E10k in the ceiling.
sorry, typo, we meant "5n33k". W3 4r3 50rry ph0r 4ny c0nphusi0n w3 m4y h4v3 c4u5ed.
...hacking a company with the Playstation 2 - it can scan 75 million ports a second, 20 million with effects.
When Dreamcasts Attack
White hat hackers use game consoles, handheld PCs to crack networks from the inside out.
By Kevin Poulsen, Jul 31 2002 5:26PM
LAS VEGAS--Cyberpunks will be toting cheap game consoles on their utility belts this fall if they follow the lead of a pair of white hat hackers who demonstrated Wednesday how to turn the defunct Sega Dreamcast into a disposable attack box designed to be dropped like a bug on corporate networks during covert black bag jobs.
The "phone home" technique presented by Aaron Higbee of Foundstone and Chris Davis from RedSiren Technologies at the Black Hat Briefings here takes advantage of the fact that firewalls effective in blocking entry into a private network, are generally permissive in allowing connections the other way around.
Higbee and Davis perform penetration tests, and developed their game box cum attack tool after finding themselves more than once with physical access to a client's facilities -- posing as an employee in one case, crawling through a drop ceiling in another -- but without a way to leverage that access into remote control of the company's network. "It's not that hard to get into an organization for one or two minutes," said Higbee.
They chose the Dreamcast for its small size, availability of an Ethernet adapter, and affordability -- the console was discontinued last year, and now sells used for under $100 on eBay.
Loaded with custom Linux-based software and covertly plugged into a spare network port under a desk or above a ceiling, the harmless-looking toy becomes the enemy within, probing the company firewall for a way out to the Internet. The box cycles through the ports used for common services like SSH, Web surfing, and e-mail, which tend to be permitted by firewall configurations. Failing that, it tries getting "ping" packets out to the Internet, and finally looks for proxy servers bridging the network to the outside world. Whatever it finds, it uses to establish a tunnel through the firewall to the intruder's home machine.
"Most organizations focus on the perimeter," said Davis. "Once you get through the outside, there's a soft chewy center."
The pair suggested some techniques for mitigating the risk of dropped-in hardware -- restricting the LAN to pre-assigned MAC addresses, for one -- but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home.
The pair plan to release their Dreamcast software on their website next month, along with similar code they developed for the handheld Compaq iPAQ, and a bootable CD ROM designed to be slipped into print servers and other kiosk PCs.
While useful, they note that the other platforms lack at least one of the Dreamcast's virtues. "It's innocuous. It looks like a toy," said Davis. "If you bring it into a company, they're going to go, 'Wow, look at the toy!'"
What? You mean it isn't Slashdotted yet? How'm I supposta Karma-whore, now?!
Stuff that matters: circuitbreakers, vacuum-cleaners coffee makers, calculators generators, matching salt+pepper shakers
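Added example, not part of the original thread or of the researchers' software: a defender-side check for the behaviour the article above describes, one internal host trying several outbound services toward a single outside address, combined with the pre-assigned MAC list it mentions as a mitigation. The log format, addresses, MACs and function names are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real traffic). Assumed log format:
# time src_mac src_ip dst_ip proto dport action
ALLOWED_MACS = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
SAMPLE_LOG = """\
2002-07-31T09:00:01 02:00:00:00:00:01 10.0.0.21 198.51.100.7 tcp 80 ALLOW
2002-07-31T09:00:05 02:00:00:00:00:99 10.0.0.99 203.0.113.5 tcp 22 DENY
2002-07-31T09:00:09 02:00:00:00:00:99 10.0.0.99 203.0.113.5 tcp 25 DENY
2002-07-31T09:00:13 02:00:00:00:00:99 10.0.0.99 203.0.113.5 tcp 80 DENY
2002-07-31T09:00:17 02:00:00:00:00:99 10.0.0.99 203.0.113.5 icmp 0 DENY
2002-07-31T09:00:21 02:00:00:00:00:99 10.0.0.99 203.0.113.5 tcp 443 ALLOW
2002-07-31T09:05:00 02:00:00:00:00:02 10.0.0.22 198.51.100.7 tcp 443 ALLOW
"""

def parse(line):
    ts, mac, src, dst, proto, dport, action = line.split()
    return datetime.fromisoformat(ts), mac.lower(), src, dst, proto, int(dport), action

def find_egress_sweeps(log_text, allowed_macs, window=timedelta(minutes=5), min_services=4):
    """Flag hosts that try at least `min_services` distinct services toward one
    outside address within `window`; report whether the MAC is pre-assigned."""
    events = defaultdict(list)  # (mac, src, dst) -> [(time, service, action)]
    for line in log_text.splitlines():
        if line.strip():
            ts, mac, src, dst, proto, dport, action = parse(line)
            events[(mac, src, dst)].append((ts, (proto, dport), action))
    findings = []
    for (mac, src, dst), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide the left edge until the span fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            if len({svc for _, svc, _ in evs[start:end + 1]}) >= min_services:
                # Totals below cover every event seen for this host/destination pair.
                findings.append({"src_ip": src, "mac": mac, "dst_ip": dst,
                                 "services_tried": len({s for _, s, _ in evs}),
                                 "got_out": any(a == "ALLOW" for _, _, a in evs),
                                 "unknown_mac": mac not in allowed_macs})
                break
    return findings

if __name__ == "__main__":
    for finding in find_egress_sweeps(SAMPLE_LOG, ALLOWED_MACS):
        print(finding)
```

A finding with both `unknown_mac` and `got_out` set is the case the article is about: an unregistered device that found a permitted way out.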
I would think much in the same way, a Dreamcast running Linux can be used to seriously injure a person, by sneaking up on them and hitting them over the head with it, repeatedly. Of course that's not newsworthy, unless it's a Dreamcast running Linux.
sic transit gloria mundi
As soon as I read this story, I jumped up and combed our office for sinister-looking dreamcasts creeping about the floor plugged into network ports.
Luckily, we were safe--THIS time. Those security-sapping plastic mosquitos could hide anywhere though, so maintain constant vigilance!
- - - - - - - -
Don't worry, being eaten by a crocodile is just like going to sleep in a giant blender.
Most schools require MAC address registration lately. You can walk on to the Oberlin campus and just start typing away. Other schools are like that too. Just make sure you wear an Abercrombie costume so as not to raise suspicion.
If you mod the box into something black with LEDs, it might not look so out of place. Especially if you tape a white piece of paper with "67...2 Router:Smurphy" to the top (well not look out of place to the peons, anyway). Everyone will be afraid to touch it.
Imagine a Beowulf Cluster of THESE!!!
Well, there's the extra humiliation factor... Imagine a bunch of IT boys from different corps going out for a beer:
BOFH1: Yeah, I got 0wn3d today by a massive distributed DOS attack from thousands of zombie machines across the 'net.
BOFH2: Ha! That's nothing. I got r00t3D when someone compromised the latest openSSH source. That woz pretty elite.
BOFH3: (mumble mumble)
BOFH2: What was that?
BOFH3: [sobbing] An iPAQ! I got H4x0r3D by a fucking iPAQ, okay? Are you happy now?
BOFH1: What a l00zer.
BOFH2: Good grief.
Glad to see they're still teaching the 3 'arrs.
Error: PANTS NOT FOUND. Press <F1> to continue.