Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attack Of The Dreamcasts

Posted by Hemos on from the swirly-logos-coming-at-you dept.

kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."

17 of 449 comments (clear)

  1. how is this any different by Dopefish_1 · · Score: 5, Insightful

    from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

    --

    #include <sig.h>
    1. Re:how is this any different by Anonymous Coward · · Score: 3, Insightful

      Look around any office(s) and the office building itself and ask yourself how many places could a small computer be put that no one would notice for quite a while.

      Any raised floor computer room under the floor tiles, it could be put in most drop down ceilings, there are just a huge number of places you could
      place a box to do the job that would not very likely to be noticed for several months or years. Almost all of the places in question would have fairly simple access to network and power.

    2. Re:how is this any different by digitalsushi · · Score: 5, Insightful

      no, no. you dont wanna just sneak a laptop into a network... sneak it into another computer! If i wanted to mess another netadmin up... i could hide a smaller, fanless computer inside a larger computer. Then I'd figure some clever way to conceal the ethernet cable i just tapped. :) Come on, it would take half of you at least an hour to figure that one out.

      --
      slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
    3. Re:how is this any different by ShawnDoc · · Score: 3, Insightful
      It seems like a lot of work to smuggle a Dreamcast into a building, try to find a unused port and power outlet in a place that it would not draw attention, and hook it all up.

      Wouldn't it be easier to just make the same software run in the background under WindowsXX? Then all you would have to do is spend 30 seconds at someone's computer who has gotten up to get some coffee or is out at lunch, to slip the disk in and install and run the software.

      I don't know, it seems a lot easier to me.

  2. Why is this specifically a problem for dreamcasts? by fo0bar · · Score: 4, Insightful

    They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)

  3. Umm....duh!!!! by Gorm+the+DBA · · Score: 3, Insightful

    "but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. " But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". No? Really? Wow...noone's had that idea since...ummm...the invention of the house.

  4. a reason to use plan 9 by rpeppe · · Score: 4, Insightful
    where i work, we use plan 9 as a development environment - no NAT necessary. to get through to the outside world, you import the network interface from a gateway machine and use that. however, if an intruder wishes to do that, they must first break the strong authentication used by the import protocol...

    so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.

  5. Isn't it standard practice...? by Kraegar · · Score: 3, Insightful

    To only have connectivity on actively used network drops, and keep all switches in secure closets? To plug in an unknown machine in our office you would have to unplug a known one, and someone's gonna at least notice their computer stopped working. Wouldn't take long after that to discover the switch had taken place. That could easily be circumvented with a machine acting like a silent proxy, but still makes it a tad more difficult. Don't other companies practice similar procedures?

  6. Ok. Reality check folks. by carlcmc · · Score: 5, Insightful
    IF ... someone can get in undetected and hook up a dreamcast in a few minutes, your security has already been breached. If your company has something it doesn't want people to access without authorization on the computer, they should have at least the same security focus for the building.

    With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and tshirt with no name tag, I'm never stopped. I think thats the way it is in many places.

    1. Re:Ok. Reality check folks. by beebware · · Score: 3, Insightful

      In my experience, it's the case of if you look out of place you obviously aren't meant to be there. The "secret" is to look like you "belong" where ever and know exactly where you are going - I've walked round my old company at 10pm at night (it's a 24/7 factory) in 'skivvies' and no one questioned me, I've wandered around hospitals, office suites etc etc - all without questions asked. Ok, I may have had no idea where I was going, but as long as you don't look like that you can usually get anyway without question.

  7. Because of the footprint and cost... by digitalamish · · Score: 3, Insightful

    Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts. You could scatter them around to a few drops as backup. In addition, the footprint of the box is small, and you don't need a standard PC case. Who wants to buy a BookPC or a Cappucino (sp) only to lose it.

    Other way to look at this would be for a handy ligitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
    --
    "That's Homer Simpson sir. One of your drones from sector 7G"

    1. Re:Because of the footprint and cost... by earlytime · · Score: 4, Insightful

      If we assume for a moment that if you can get into the faciity undetected and place a device on the network, that it's not game over already......

      why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. or put the dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. waterproof wireless backdoor.

      --

  8. Wireless by AlgUSF · · Score: 4, Insightful

    Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.

    --


    I want my rights back. I was actually using them when our government stole them after 9/11.
  9. no, it wouldn't by BlueboyX · · Score: 4, Insightful

    The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."

    I laughed out loud when I read this. :>

    --
    "Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
    1. Re:no, it wouldn't by psxndc · · Score: 3, Insightful
      Um yeah, but if I were walking around my company and saw a laptop on a desk I would think "Oh, someone sits there". If I saw a dreamcast sitting somewhere I'd be like "WTF is a dreamcast doing here". A DC is waaaaaay more suspicious.

      psxndc

      --

      The emacs religion: to be saved, control excess.

  10. Re:Wireless by Matey-O · · Score: 3, Insightful
    Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.
    Yeah, but if SSID broadcast is turned off, the suspect WiFi basestation would be kinda hard to detect.
    --
    "Draco dormiens nunquam titillandus."
  11. Re:Any computer by topham · · Score: 3, Insightful

    Thats why I'm laughing at this whole thread.

    I have a TINI (from Dallas Semiconductor) sitting behind me. I has an ethernet port, and serial port. Runs on 8 volts and is small enough you could put it anywhere. It was about $100.

    On the other hand, a Dreamcast is about $50 (give or take) + 1 rare broadband adapter. Which boosts the price to $150-$250 for the device.

    For $299 CANADIAN ($200 US?) I bought an XBox the other day. Gee, it has built in Ethernet, and, at the point when somebody fully cracks the bootflash could theoretically run Linux and do the same thing.

    And have an 8gig drive to log data.

    But I don't think that is a realistic use for an XBox either.