Attack Of The Dreamcasts
kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."
from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?
#include <sig.h>
They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)
Is when someone hacks an iPod to do this. You could hide it in a wall and have an IEEE-1394 to 10base-T adapter with a cat-5 cable right into a patch panel in the wiring closet labeled D-103...
Someone strolls into the office, notices a dreambox in the corner... and they say "Hmmm, that is normal, I'll just ignore that"... hehe
More likely that they would say "Cool, let's see what game is in it!"
"CPU's Don't make mistakes....They just miss a few cycles sometimes..."
But couldn't any computer capable of running Linux and sending/receiving network traffic be able to do this as well? I'd be suspicious of a Dreamcast box sitting in a cube connected to the network. I'm guessing that the only real reason they're focusing on Dreamcasts and not normal PCs is that they're very cheap to obtain and reconfigure.
"but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. " But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". No? Really? Wow...no one's had that idea since...ummm...the invention of the house.
I'm pretty sure that someone would notice a dreamcast system sitting on their server rack. However, if you hide it behind a wall, it could sit there for years!
Wyatt
Karma: Marginal (mostly due to the border around the website)
A recent story about 802.11 described the weakness as "Someone walks into your office with a laptop and asks for a network drop." The point of the analogy was that the scenario is absurd, but leaving unsecured WAP access points is equally absurd.
Silly me, I hadn't realized the uber-absurd case -- someone walks into your office with a game console and asks for a network drop.
Enigmatically enough, I first read this tagline as "Attack of the Democrats"
Almost all companies I have visited have had the opposite 'problem'. To get an Internet connection up n' running, you need to phone a sysadmin to patch the ethernet socket to the switch (most often, the spares aren't connected at all) and then give them a MAC address so the dhcp will give the box a legitimate IP address in the correct space. (Also, Dreamcast?? Suspicious, no?!)
- FF
while true;do echo -e -n "\033[s\n\033[u\134_\033[B";done
--Chag
so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.
A machine with wireless networking capabilities would be even more interesting, particularly for networks not attached to the 'net. 802.11 would probably not be best due to its limited range and higher security consciousness around it. Better would be say a pair of old ricochet modems that have range of up to a mile.
To only have connectivity on actively used network drops, and keep all switches in secure closets? To plug in an unknown machine in our office you would have to unplug a known one, and someone's gonna at least notice their computer stopped working. Wouldn't take long after that to discover the switch had taken place. That could easily be circumvented with a machine acting like a silent proxy, but still makes it a tad more difficult. Don't other companies practice similar procedures?
...if someone came into my house and dropped off a dreamcast! :-)
-Derek
Although the article doesn't mention this, I'm guessing that since they have a custom Linux installation, the modded Dreamcast won't be able to run its normal Dreamcast functions. What would make this seem even more innocuous would be to allow it to play games too.
While it's a slang term for something sexual, it's also latin for "with". It's being misused in this context.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
Why dreamcast? So they can get free press on /. of course.
With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and t-shirt with no name tag, I'm never stopped. I think that's the way it is in many places.
Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated? For the same price you could buy 4-5 Dreamcasts. You could scatter them around to a few drops as backup. In addition, the footprint of the box is small, and you don't need a standard PC case. Who wants to buy a BookPC or a Cappucino (sp) only to lose it?
Another way to look at this would be as a handy legitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
--
"That's Homer Simpson sir. One of your drones from sector 7G"
Been to Pirate Training School?
Replacing 'our' with 'are' is a very common pirate thing to do. Of course, even that was slightly misspelled since 'arr' is the most correct usage, matey...
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
This reminds me of my university where people connect their laptops to the network when they aren't supposed to do so. It isn't too tricky either, you just need to find a desktop someone isn't using, find out its IP, unplug it, set your machine to its IP address and connect it up. Now I imagine this would present quite similar security problems to a rogue Dreamcast or iPAQ connected to the network.
Perhaps the only way to overcome this problem is to give IP addresses to trusted MAC addresses only. In the context of a university this could mean the student could apply for an IP address, but could you trust the student? That's the real question.
aus.music.scrapbook
"I bet I'll get blamed for this." --Mayor Quimby
"availability of an Ethernet adaptor"?
You almost have to kill someone to get a network adaptor for the Dreamcast. I'm not even sure they're being manufactured anymore (I wouldn't think so), but there are a few on eBay; the cheapest one is $60.
Besides, as other posters have mentioned, a Dreamcast doesn't exactly look inconspicuous to me, especially if some person I don't recognise is carrying one around in my building.
WMBC freeform/independent online radio.
I remember building what looked like a serial port gender changer with a wire hanging out of it, but was really an AM transmitter. Plug it into a serial port, and it acted as a radio modem sending out everything that went over the serial port.
...
This was back in the days of 1200/2400 baud modems. Plans for the device were in 2600 magazine. It had a range of about 500 meters, and broadcast on about 560 KHz. You needed a companion device on the other end. You could record the audio signals then decode them on your PC later.
On a side note. Even better would be a handheld with TWO expansion ports -- one ethernet to sniff and one 802.11b to sneak it out. Just park across the street with a laptop and another 802.11b card. Instant backdoor to the network.
Learning HOW to think is more important than learning WHAT to think.
Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.
I want my rights back. I was actually using them when our government stole them after 9/11.
for those of you w/real reasons to be concerned- would be that if these guys have thought of this - who else already has something much better in a nice small, concealable package.
And then think about how many businesses don't even come close to providing physical security to all the ports that connect to their network. Sure the computer room is locked- but how many cleaning people are in the offices at night? Usually if you worry about them at all- it would be that they steal, not leave something behind.
I had to do some work once at a call center for a client of ours. A large credit card company.
I pulled up to their building but it was this big glass box and I wasn't sure where the entrance was. I just walked around until I found a door. It was open and there were people standing around smoking. So I walked in. I was in the back by the break room.
I wandered around in there for 10 minutes or so until I found the front desk. When I walked into the lobby from inside the building and asked for the guy I was supposed to meet she was pretty freaked out. They brought up security people and asked how I got in, etc.
I hope my credit card company isn't that easy to get into. But I'd be surprised if it's much more secure. I wouldn't be surprised if it is less secure.
Something to think about.
.
It's hard to believe that's how Micronians are made. Why don't we see it right now by having you both kiss one another?
... so I just popped in NFL2K2 and showed the hacker who was boss!!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
With the source code you can do a variety of things, like getting the OS to run on platforms not originally intended to run that type of OS. Is it even marginally possible to get Windows to boot on anything other than an x86 or Itanium based system these days? (Note: I am only talking about modern releases of Windows, not NT4.0 and its Alpha support. This is not counting XP Embedded or WinCE/PocketPC releases, which again are limited to one maybe two processor types.)
-.-
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
All those girl ninjas running around stealthily tucking Dreamcasts under their arms - They weren't trying to steal them. They were trying to deploy them!
Now I understand the tagline... It's thinking...
"Mod, mod, mod...and another troll bites the dust."
A Sun IPX (or any lunchbox style) system with an AUI port and a modified transceiver is much better. I use one of these as a secure syslog; in particular because you can modify the transceiver so that while it is capable of receiving data, it is incapable of sending at a hardware level. There is no way, short of physical access, to detect the machine. It's great for packet sniffing and logging -- syslog using UDP is connectionless, and works well with read-only network connections. This is also better than modifying the ethernet cable, because these modified cables do not actually work properly (the transceiver with tx pins removed will keep a valid *empty* tx signal, whereas a modified cable usually just pumps the rx'd signal back to tx, confusing the equipment into maintaining a link).
And if you can sneak in once, why not twice? Or better, equip the computer with a cell modem or amateur radio equipment (How many "wartalkers" look for that, eh?) , and dial in. No need for probes which may set off IDS systems, or outgoing packets (like ARP or DNS requests) that alert crackers to a computer's presence.
I think you cut pins 3 and 10 (on the connector to the computer on the transceiver) but that's not certain.
I'd like to see you hide an E10k in the ceiling.
The article states that this is a "disposable solution." Their intent is a drop and go process. This is less appealing with a thousand dollar laptop or other devices with aforementioned IP stack. More dreamcast mod info here
If we don't fight for ourselves no one will.
We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.
Of course, they didn't fix the basic problem or find our little friend. For all I know it's still running up above the 'ol drop ceiling -- we were too chicken to try and retrieve it. Of course, this was a private school, so the real joke was on us (the clue -- consultants were being paid for by our own stupid selves).
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."
:>
I laughed out loud when I read this.
"Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
...hacking a company with the Playstation 2 - it can scan 75 million ports a second, 20 million with effects.
Unless you have an unusual network where 99% of it is from the same manufacturer you're unlikely to notice unless you start looking. I don't have the broadband adapter for the Dreamcast, but I understand it uses a Realtek chipset. So, I expect it uses a similar MAC address range as the more generic cards out there. Not sure what the manufacturer's ID would be.
With a network of a few hundred machines and random equipment I doubt it would be noticed. Add to the fact that you won't have a MAC address for anything except what is on your own segment...
You aren't likely to notice it unless you are already checking for non-approved equipment.
From the article: Cyberpunks will be toting cheap game consoles on their utility belts this fall
Yeah, the Dreamcast is dirt cheap. The "broadband adapter" needed to hook it up to an ethernet network? Quite pricey.
I would think much in the same way, a Dreamcast running Linux can be used to seriously injure a person, by sneaking up on them and hitting them over the head with it, repeatedly. Of course that's not newsworthy, unless it's a Dreamcast running Linux.
sic transit gloria mundi
One of the biggest problems here is that so many companies are permissive with DHCP. If security is a real concern, you shouldn't be handing out IP addresses to unknown MACs like Christmas candy. Having to figure out a safe/available IP address ahead of time at least makes this more difficult.
Says the RIAA: When you EQ, you're stealing bass!
As soon as I read this story, I jumped up and combed our office for sinister-looking dreamcasts creeping about the floor plugged into network ports.
Luckily, we were safe--THIS time. Those security-sapping plastic mosquitos could hide anywhere though, so maintain constant vigilance!
- - - - - - - -
Don't worry, being eaten by a crocodile is just like going to sleep in a giant blender.
Near where I live there is this giant uber arcade called Playdium. Instead of using coins or tokens in the machines to get credits you swipe a little plastic card with a barcode on it through a reader. This reader in turn is hooked up to a solid-state machine running MSDOS which then contacts a MS SQL server to see if there is enough credit on the card and if there is it sends an authorization to the machine.
:)
One day we decided that we wanted to get free video games. After scoping the place out we discovered that all the 10baseT ports that the video games plugged into were in fact patched into a 3com 3300 switch and were active. The network designers I guess figured it would be easier to activate all the ports instead of making some video game tech figure out how to patch stuff in.
We brought in a laptop with a long cat5 cable and looked for a place to plug it in where we wouldn't be noticed. Jurassic Park 3 has this little thing you sit in and close the blinds so the ambient light would stay out. It would do nicely.
We watched what we could with different packet sniffers (we were also very paranoid of getting busted) and were able to bring up the switch's web management system. We discovered that the video games use DHCP to get an address in the 10.10.x.x subnet and the video games also seem to contact a master server for configuration information, i.e. how much does this game cost. By this time we had been sitting in Jurassic Park 3 for 2 hours and were getting REALLY paranoid. So we decided to try something malicious. We arp-spoofed/flooded everything we could see. An interesting thing happened. When the game control units can no longer talk to their master server, they go into 'free' mode. I guess this is in case there is a network failure. They'd rather lose a bit of money than piss off 100s of people. While our little program ran, every game in the place became free. So I thought to myself, why not just unplug the Cat5 cable for a game to make it free. That doesn't seem to work. I think this is because it needs to detect a link before it will go to free mode. Anyhoo, I guess the moral of this story is to have some kind of port security on your network ports in your business. Or something.
"The dreamcast will then probe for ways to connect to the outside world."
Sega Dreamcast..."It's Thinking"
Sometimes I doubt your commitment to Sparkle Motion.
The real significance is the almost universal glee to be had around here when someone manages to hack one kind of computing device into something which it was never originally designed for.
to just burn a CDR that boots Linux and does all the same stuff on a PC with any of the top X ethernet cards? Set it up to stubbornly ignore all keyboard input and never display anything on the screen. Write "coaster" on it with a black magic marker, drop it in some currently unused PC and hit power/reset and haul ass. Do it at 4:50 PM on a Friday and you'll probably have until 9:00 AM on Monday to own some other box on a more permanent basis.
Hell, you might be able to modify a tomsrtbt to do this and wipe (or dd if=/dev/zero of=/dev/fd0; dd if=/dev/urandom of=/dev/fd0) the diskette once the ramdisk is loaded.
IOW, this whole thing strikes me as more of a "stunt" than a "hack."
-Peter
The "they" in question isn't Sony, it's the folks who are trying to claim some kind of cracker breakthrough by running sniffers on a dreamcast.
It's not news that an IP-capable machine with connectivity to a network can search for weakness in the network. These guys use a dreamcast so their non-news can get some attention.
It seems to me like this would be an excellent way of giving IP to idiots. Which is the business MS is in. When I first start up/install WinXP, how come they don't do the same thing for me? Every time my dad gets a new computer for his office, he calls me and tells me to come in and configure it for him. Why aren't all devices self configuring like this?
There are no trails. There are no trees out here.
You can bet that I would at least grab the BBA out of it and sell it on ebay.... Those things are like GOLD.
A pair of coders are now suggesting that it is possible, with a modified ... system ... to sneek into an office building and stick it on a network drop .. then probe for ways to connect to the outside world.
You're kidding! Wow, how long did it take them to figure this out?
In other news... banks have now been found to be extremely insecure. All you have to do is break in, shoot all the guards, dynamite your way through the vault... and you have unlimited access to all their money!!
Unix is user friendly, it's just selective about who its friends are.
If you mod the box into something black with LEDs, it might not look so out of place. Especially if you tape a white piece of paper with "67...2 Router:Smurphy" to the top (well not look out of place to the peons, anyway). Everyone will be afraid to touch it.
A dreamcast in an office building sticks out like a nun in a strip joint. Maybe if you hid the dreamcast in a suitcase or hid it under a bunch of papers in a filing cabinet, but not by itself.
Good point. This becomes significantly more complicated if you can't get ahold of a broadband adaptor for the Dreamcast. The last time I looked they were for sale on eBay for at least twice what you would pay for the unit itself! I just looked, in fact, and neither eBay nor Half.com had one for sale at any price.
Alternatively, you could run a coder's cable (they run about $20 US) from the serial port on the unit to the serial port of a standard PC, but at that point, you might as well just lug in a laptop. A coder's cable is a good way to network your DC if it runs Linux or BSD, though. You can then mount a different machine as a network drive using NFS.
"Can't you see that everyone is buying station wagons?"
Take a look at the Dallas Semiconductor TINI. It's a Java runtime environment on a 72-pin SIMM, complete with ethernet, serial, I2C, parallel IO, battery up to 1 meg of NVRAM, filesystem emulated in RAM, etc, etc. You can write web or ftp services for it in a few lines of Java, thanks to the supplied classes. You develop your Java code on your PC, compile it to Java bytecode, and then FTP it up to the little TINI device. My description is not doing this hardware justice, so I'll leave some links below.
Anyways, my point is this type of device is probably easier to program than a Linux Dreamcast. It may or may not be cheaper (sub-$100). And it's a lot easier to hide, if that's the goal. I've programmed a handful of hobby projects with this board, and it's really quite amazing for the price. (Compared to trying to implement a TCP/IP stack on a PIC microcontroller, say.)
TINI hardware
TINI
TINI board resource center
more resources
DalSemi discussions
Finally a reason to pull my dreamcast from out of my closet! This sounds way cooler than any game I ever had for the thing.
The only problem I have is with the part about how if you brought it into a business they would think it's just a game system. I would be immediately suspicious of anyone toting around a Dreamcast in this day and age. Maybe if they made this hack for a PS2, or better yet, for the XBox. Or the gamecube, Super Hack Brothers Melee...
It occurs to me that a ThinkNIC would be an equally good platform for this.
It's cheap, departmental grey, looks like a piece of network componentry, uses GPL'd software (easy to change for your evil ways), and boots from a CD.
AC in and ethernet out...
"Draco dormiens nunquam titillandus."
It strikes me that people have generally ignored a very valuable tool of hacking: social engineering. Kevin Mitnick proved its prowess, and we've all heard of him, no? A DC is technically feasible, but falls short on the social engineering front.
So, I propose that instead of using a relatively conspicuous DC, or even a laptop, you buy a TINI computer:
http://www.ibutton.com/TINI/hardware/index.html
And then modify it into an old Cisco plastic shell. Write something like, "Cisco Network Load Balancer" or something (in a believable fashion), slap it in as close to the server room as you can.
The issue here is not "can I crack people's networks from the inside?" but, rather, "can I _keep_ cracking the network for more than a couple weeks?" You think to look at a laptop or DC for a network spy, but who bothers to look at some random piece of Cisco hardware in a corner? I'd say the risk of discovery becomes far lower - and with TINI, you could theoretically put together a "button" that would wipe the contents of the device if it was moved.
Just an idea.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
There are really very few ways to prevent such an attack. (I've been thinking about this for some time). Even if you had MAC-address filtering, a drop machine could be configured to learn MAC addresses, and take over the MAC and IP when that MAC is no longer present on the network (is shut down).
The best way I could think of locating suspicious activity is to set up a machine in the same range as the important servers... And investigate any connections to it (as no one should be connecting to it). This only stops the more active attacks though.
To sniff data off the wire, you only need to be getting an electrical signal. You don't need a MAC or IP address. To prevent this kind of sniffing, you would really have to go around and verify that each active port (on the hub/switch) corresponds to a machine that should be up and running.
However, in a microsegmented network, where each network interface corresponds to a port on a switch, listening to the traffic on one port will not yield much. So the sniffer would have to flood the switch with MAC addresses, or forged ARP replies. That kind of thing could be picked up if you monitor your switches.
So the point? Use switches directly to the computers anywhere remotely important... And protect your uplinks (links from switch to switch, switch to router, router to router) so that no-one can tap into them.
Of course, all this requires an incredibly great deal of manpower, and administrative vigilance. The real solution is to use IPv6 (or IPv4 with IPSec) since it encrypts all traffic.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
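The checks proposed in the comment above (a decoy host nobody should contact, watching switches for MAC floods and forged ARP replies, noticing a known MAC that reappears elsewhere) and in the earlier comment about checking for non-approved equipment can be combined in one pass over switch and flow observations. This is an added example, not code from any poster; the log format, inventory, addresses, port names and threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed assumptions for this example (nothing here comes from the thread).
INVENTORY = {  # approved MAC -> switch port it is expected on
    "00:11:22:aa:bb:01": "Gi0/1",
    "00:11:22:aa:bb:02": "Gi0/2",
    "00:11:22:aa:bb:03": "Gi0/3",
}
ARP_BASELINE = {  # known-good IP -> MAC bindings for important servers
    "10.1.1.10": "00:11:22:aa:bb:01",
    "10.1.1.11": "00:11:22:aa:bb:02",
}
CANARY_IP = "10.1.1.99"   # decoy in the server range; no host should contact it
MAX_MACS_PER_PORT = 2     # an access port should normally show one or two MACs

# Constructed sample observations: "<time> <kind> key=value ..."
SAMPLE_LOG = """\
09:00:01 MACLEARN port=Gi0/1 mac=00:11:22:aa:bb:01
09:00:02 MACLEARN port=Gi0/2 mac=00:11:22:aa:bb:02
18:30:00 MACLEARN port=Gi0/7 mac=00:11:22:aa:bb:03
18:31:00 MACLEARN port=Gi0/5 mac=de:ad:be:ef:00:01
18:32:00 ARP ip=10.1.1.10 mac=de:ad:be:ef:00:01
18:33:00 CONN src=10.1.1.57 dst=10.1.1.99
18:34:00 MACLEARN port=Gi0/5 mac=02:00:00:00:00:01
18:34:01 MACLEARN port=Gi0/5 mac=02:00:00:00:00:02
18:34:02 MACLEARN port=Gi0/5 mac=02:00:00:00:00:03
"""


def parse(line):
    """Split one observation into (time, kind, {field: value})."""
    ts, kind, *pairs = line.split()
    return ts, kind, dict(p.split("=", 1) for p in pairs)


def detect(log_text):
    """Return a list of (time, alert_kind, detail) tuples in log order."""
    alerts = []
    macs_on_port = defaultdict(set)   # port -> MACs learned there
    flooded = set()                   # ports already reported as flooded
    bindings = dict(ARP_BASELINE)     # baseline plus first-seen bindings
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        ts, kind, f = parse(line)
        if kind == "MACLEARN":
            port, mac = f["port"], f["mac"].lower()
            expected = INVENTORY.get(mac)
            if expected is None:
                # Non-approved equipment: MAC is not in the inventory at all.
                alerts.append((ts, "unknown_mac", f"{mac} on {port}"))
            elif expected != port:
                # An approved MAC on another port: possible takeover of the
                # address of a machine that has been shut down.
                alerts.append((ts, "mac_moved",
                               f"{mac} expected on {expected}, seen on {port}"))
            macs_on_port[port].add(mac)
            if len(macs_on_port[port]) > MAX_MACS_PER_PORT and port not in flooded:
                flooded.add(port)
                alerts.append((ts, "mac_flood",
                               f"{len(macs_on_port[port])} MACs on {port}"))
        elif kind == "ARP":
            ip, mac = f["ip"], f["mac"].lower()
            known = bindings.setdefault(ip, mac)  # learn unseen IPs once
            if known != mac:
                # A second MAC answering for a known IP: forged ARP reply.
                alerts.append((ts, "arp_conflict",
                               f"{ip} is {known}, claimed by {mac}"))
        elif kind == "CONN":
            if f["dst"] == CANARY_IP:
                alerts.append((ts, "canary_touch", f"{f['src']} -> {CANARY_IP}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

As the comment notes, the decoy and ARP checks only catch active behaviour; a passive tap on an uplink produces none of these observations.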
Good spelling and grammar should be a mandatory requirement for all posts to any website. I can't believe Hemos didn't catch that. No, wait, yes I can.
"So you'd be hacking your own company and keeping the dreamcast on your own desk?"
Which would be stranger:
A seemingly inactive Dreamcast sitting on my desk or a Dreamcast sitting in the server room?
Hmmm?
Almost trivial with Windows 2000 and Global Policy Templates.
Very doable with the IPSec and LDAP upgrades in Solaris 9.
Key management is still a Royal PITA on other platforms.
"Flyin' in just a sweet place,
Never been known to fail..."
I see two major drawbacks to the use of a "Dreamcast" in this role-
I do not deploy Linux. Ever.
you know you're all terrorists for even discussing how to do this, right?
The only thing that would be more incriminating would be to bow to Mecca in front of an FBI agent.
Don't waste your Dreamcast! If you have physical access to the building, desks, etc, then why not just jam in a bootable floppy and reboot an unattended machine to:
1) port and service scan
2) send out results via http/ftp/ping/email/etc
3) wipe the floppy clean
4) write an innocuous text or word document on the floppy
5) reboot the workstation again
This leaves nearly zero physical evidence that there was an intrusion. Just an abandoned floppy and a rebooted machine.
Sure, you _might_ get past building security with a video game console in your bag. But I guarantee you'll get in with a floppy. And would you rather be caught plugging a floppy into a workstation or a video game console into the network?
And you'll still have your Dreamcast at home, running DCMAME!
"Lawyers are for sucks."
- Doug McKenzie
This was pretty much just to see if we could, which as I think about it seems like the reasoning behind most of what I did in high school. Well, at least the things I did in high school that didn't involve girls.
Admit it. Most of what you did with girls was just to see if you could, too.
Nope, no sig
I've often thought of doing this myself where I get paid to work, not so much to sniff passwords but to have a little back door should I decide to leave. It'd be trivial to stash a laptop or other device in a little-used ceiling space and run a drop directly to a patch panel.
More challenging would be setting up a way to get the machine to periodically reconfigure itself to get out of the office network and establish a tunnel to the outside that could be used to get back inside.
The way that occurs to me is to have it load a public web page periodically and parse out the destination IP and then have the "automaton" search for ways out of the network to a destination host set to listen for tunnel attempts from the automaton.
I'd imagine you'd have to come up with really clever ways to get out of heavily firewalled/proxied business networks, some really don't allow any random end nodes to get unfiltered/proxied packets out of the network. Best way would be to tap into a fax line and have the machine periodically dial out, leaving a more clever human to fix any dedicated network tunnel.
I'm not sure what I'd *do* with a host if I had one, though.
If you're going to go this far (taking a DC into {company} with the intention of getting access to their network). Why not go to the next step:
Strip the guts out of the DC, hollow out a large reference book (one appropriate for the business), make discreet entries into the 'book' for the cables (a book with cables running into it would be suspicious, figure out a nice way to do this), then put the DC guts in the book.
"... the advance of civilization is nothing but an exercise in the limiting of privacy" - Janov Pelorat
Didn't catch the part where I said that it'd be obscure enough that they wouldn't know to look for it, didja? :)
However, when they see a foreign device in the server room, that'll tip them off right away.
Well, there's the extra humiliation factor... Imagine a bunch of IT boys from different corps going out for a beer:
BOFH1: Yeah, I got 0wn3d today by a massive distributed DOS attack from thousands of zombie machines across the 'net.
BOFH2: Ha! That's nothing. I got r00t3D when someone compromised the latest openSSH source. That woz pretty elite.
BOFH3: (mumble mumble)
BOFH2: What was that?
BOFH3: [sobbing] An iPAQ! I got H4x0r3D by a fucking iPAQ, okay? Are you happy now?
BOFH1: What a l00zer.
BOFH2: Good grief.
Check out the SPINACH project at Stanford: http://mosquitonet.stanford.edu/publications/spinach.html
It's designed to precisely address this issue by limiting network access from hosts whose Hardware Ethernet addresses are unknown to the local subnet only (not past the router) until it is authenticated (by some password or other scheme). Thus, if you put a Dreamcast on a SPINACH network, it could only reach hosts on the immediate subnet, unless you spoofed the MAC address or something...
There's 10 types of people in this world, those who understand binary and those who don't.
And don't forget the irc channel #linuxdc @ irc.openprojects.net.
Forget all the blackhat nonsense - we need hardware hackers now.
1-800-97-Legal. It's the number for Jacoby & Meyers because you're going to need them after you're arrested for "leaving a little back door".
For anyone else thinking about doing this, don't be stupid and please use a little common sense. If you do something like this and get caught you will not only pay a huge fine like $10-25k minimum, but could easily end up in jail.
If you wanna get rich, you know that payback is a bitch
This demonstrates one of the biggest problems with firewalls in practice. It allows a network administrator, and all the users on the network, to have a false sense of security about how vulnerable their network is to the outside world. As the article stated, once you get through the rough outer coating (the firewall), you pretty much have the run of the place.
The firewall should be used for two primary reasons. First, because you don't trust the internet. This makes perfect sense to almost everyone. The second reason is because you don't trust your users. After all, if you trusted all your users to keep the machines secure, the firewall probably wouldn't be necessary. Therefore, it's in your best interest to not allow carte blanche access to the internet from the inside, just as you don't allow open access from the outside.
Of course, at the same time it needs to be secure, it also needs to be convenient. If someone has to jump through hoops to find a webpage or read an email, the entire purpose of having those services available is lost. At some point you need to trust your users, even if they can't be trusted. So minimise the damage a single user can do.
If a user gets a virus, how far can that virus reach? Can it infect the entire network, or will it be isolated to the local machine, or to a specific account? What happens if a password sniffer is installed somewhere on the network? Will it be able to obtain any useful information? Are the machines tripwired to detect any modification of key utilities? Are there live network connections that are unused? Do you use static or DHCP addresses? Some of these features might make life easier for the sysadmin, but they also make it easier for a trespasser.
Of course, many of these problems are addressed only with hindsight. If someone wants to get onto your network badly enough, they will probably find a way. The important thing is that if and when it happens, you can detect it immediately, minimize the damage they can possibly cause, and immediately fix the problem that allowed them in in the first place.
-Restil
Play with my webcams and lights here
On a related note, the Nintendo gamecube is a stock panasonic DVD mechanism. Sega and Nintendo can't afford to mass manufacture custom drives...hey, even Sony and Microsoft don't do that...
(-1, Raw and Uncut is the only way to read)
That is obviously *not* simply a typo. It's a demonstration of stupidity.
Not only this, but two recommended practices (and EVERYONE does this, right? ;-) would stop it from doing anything:
1 - don't light up unused ports
2 - use switches instead of hubs and there'll be nothing to sniff...
Mark
But if you've got a budget for the job, use a palmtop. A Windows CE machine would fit into a tight space, and you'd never notice it.
Oh yeah, and if it HAS to be Linux, some palmtops will run it, too.
Just configure the network switches to accept only certain MAC addresses on certain ports and that should end the problem of people putting "rogue devices" on your network.
However, for companies who do not do this already it will be a substantial investment in time to set up something like this.
Any other thoughts?
"A plan fiendishly clever in its intricacies"- Homer Simpson
Except to say that we should secure the physical access points to our networks. Of course if you allow strangers to plug into your network they are going to be able to find a way to talk to the outside world.
Most TCP/IP networks nowadays run DHCP so just plugging in will usually get you a valid IP and from there you can pretty much guess the gateway or sniff it out. The important thing is not to allow unauthorized people to plug-in in the first place.
Most compromises are not high tech. Most compromises are a result of either a disgruntled employee or an employee that foolishly gives out password information.
Maybe the hacker calls a company's I.S. shop and says that he's from Cisco. The router is having problems and he needs the logon password to fix it. Or maybe a hacker just walks in to a large building with a laptop, RJ45 cord and big balls. He plugs in and starts sniffing.
We have a Group of people in Washington State Government that goes around and tests security. One guy told me that once he walked into a Department building, plugged in and was sniffing usernames and passwords. Someone asked him who he was so he gave them some bogus story and they asked if he wanted coffee! So he sat there eating their donuts, drinking their coffee and breaching their security!!
The race isn't always to the swift... but that's the way to bet!
It isn't true. See Intrusion Detection FAQ
--
Ilya Martynov (http://martynov.org/)
Since these guys are already doing bootable CDs, they could do one for a generic PC. Have it put up a VGA Blue Screen of Death mock-up as early as possible and then target machines that look out-of-the-way and/or unused, especially older looking machines.
Lots of places that I've been have these sorts of boxes sitting around because they become unused gradually. I've seen machines like this display BSoD for weeks on end before anyone bothered to either reboot them or turn them off.
With this approach, the total leave-behind hardware investment is $0.25 for the CD-R.
Glad to see they're still teaching the 3 'arrs.
Error: PANTS NOT FOUND. Press <F1> to continue.
I dunno about you, but I tend to walk around work with my eyes taking in the full scope of walls. An ethernet cable snaking up and into the ceiling, anywhere, will catch my attention.
Then again, maybe I'm just a little bit paranoid since at my employer's last building we had cables running up and down walls all over the damn place - not much choice when people are packed in like sardines and there aren't enough close-by ports to meet people's needs.
Now that we're 4 months into a new building, with enough ports to go around (and the financial wherewithal to have more drops installed when we've needed them), I have to keep an eye on the little monsters who are used to the idea of stringing cables -- that way they don't have to plan beyond today.
Moof!
Better yet, spraypaint it black, disable the amber light, and tell people it's an external CD drive capable of reading high-density disks (Which would be technically true). Meanwhile, your CD drive is hacking the company network.
Misdirection, not obscurity.
If they used a Dreamcast to crack Sony's corporate office network?
Or at least to introduce new "leg lifting" behavior models to their Aibo software...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
Dreamcasts didn't have any "bootstrapping" whodinglers or anything.. you just stick in a CD-R of the game you downloaded from alt.binaries.dreamcast and play away.
You're actually behind. The CD's you download from a.b.dreamcast already have the bootloader on them. That's the 2nd gen rips. The first gen were GD's or whatever that had been converted to bin/cue's. You had to put a dreamcast boot disk into the drive and then this picture of a dog would appear and then you open it and insert the downloaded game.
Google search for "Utopia Boot Loader".
Dreamcasts have always had this copy protection, and to my knowledge you haven't been able to just copy a disk with something like cloneCD and expect it to work without modding the DC. It's just that the later games eliminated the need to load the boot loader on a separate CD.
Some games you still have to load that way, i.e. Ecco the Dolphin is about 701 megs, no room for a bootloader.
~Will
sig?
Sure, on-site network security is a problem too.
But sniffing with a Dreamcast? Ethernet adapters for the dreamcast are so rare as to sell second-hand for double their original list price or more... That would total to $250+ including an ebay-purchased DC, for a system with extremely limited local storage that wouldn't do anything more than an old 486 or early pentium system I could buy at a garage sale for $30 could. And well-hidden network and power connections mean that you'd pretty much have to put it in a ceiling or wiring closet anyway; I can't see how the somewhat smaller size would matter much.
Well, I know I'm in the minority here, but as an employee of Lawrence Livermore National Laboratory, whose security rules come from the U.S. Department of Energy I can say that all of our janitors have a background check.
>Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could buy 4-5 Dreamcasts.
If you can get me 4 dreamcast ethernet adapters for US$300 (even without dreamcasts to go with them), I'll buy them off of you right now. Dreamcast BBA's are selling on ebay for $100-$150. You can barely buy two dreamcasts with ethernet adapters for $300, let alone four.
Why would you be spending $300+ anyway? An obsolete yard sale notebook should do the trick, and I can't see one setting you back more than $150.
Many locations use static configurations loaded from a remote server. If the company really likes security, each system would have a burnt CD for booting + a remote share for home directory data. Or a mainframe style setup with thin clients.
A small, low power, low noise, inexpensive box that can be placed somewhere in a building that will find its own way is very much a sophisticated solution, much more so than a trojan attack.
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
My supervisor tried to plug in his brother's PC into the net, it shut down his access port. Then he plugged it into my hub, shut down mine too. Had to call one of the LAN guys to reset all ports in my office. I'm not sure if they filter by allowed companies and all NICs have to be Intels or whatever, or they have a complete table of allowed MAC addresses, but either way this wouldn't work on my network.
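The per-port MAC allowlist suggested earlier in the thread, and the port shutdown described in the comment just above, modelled as an added example that is not part of the thread and not any vendor's implementation. The `Switch` class, port names and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    allowed: set                      # MAC addresses permitted on this port
    enabled: bool = True              # False once a violation shuts the port
    violations: list = field(default_factory=list)

class Switch:
    def __init__(self, policy):
        # policy maps port name -> allowed MACs; a port missing from it is unlit
        self.ports = {p: Port({m.lower() for m in macs}) for p, macs in policy.items()}

    def frame(self, port_name, src_mac):
        """Decide what happens to one frame: 'forward', 'dropped' or 'shutdown'."""
        port = self.ports.get(port_name)
        if port is None or not port.enabled:
            return "dropped"
        mac = src_mac.lower()
        if mac in port.allowed:
            return "forward"
        # Unknown source address: disable the port until an admin resets it.
        # This only checks the claimed address, so a spoofed MAC still passes.
        port.enabled = False
        port.violations.append(mac)
        return "shutdown"

    def reset(self, port_name):
        self.ports[port_name].enabled = True

# Constructed sample data (locally administered MACs, hypothetical port names).
POLICY = {"office-12": ["02:00:00:00:00:01"], "office-13": ["02:00:00:00:00:02"]}
UNKNOWN = "02:00:00:00:00:99"
EVENTS = [
    ("office-12", "02:00:00:00:00:01"),  # known desktop
    ("office-12", UNKNOWN),              # unknown box plugged into the drop
    ("office-12", "02:00:00:00:00:01"),  # desktop is now cut off too
    ("office-13", UNKNOWN),              # same box moved to a neighbour's hub
    ("closet-7", UNKNOWN),               # unused port that was never lit
]

def replay(policy, events):
    sw = Switch(policy)
    return sw, [sw.frame(port, mac) for port, mac in events]

if __name__ == "__main__":
    sw, results = replay(POLICY, EVENTS)
    for (port, mac), outcome in zip(EVENTS, results):
        print(f"{port:10} {mac}  {outcome}")
```

The violation list per port is what the LAN team would review before calling `reset`, since a shutdown also cuts off the legitimate host on that port.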
If you need a broadband adaptor, look above the second tile on your left when you go to work tomorrow. It should have a Dreamcast attached, too. Enjoy your new dev platform! (:
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
Paint the DC flat black, print up a fancy label like "CyberIntelliScan 2000X". Use chalk and scribble "DEMO UNIT".
For the finishing touch, tape a handwritten note saying:
"Network Optimization Scan- please do not touch- Joe", using the name of the director of the IT department.
With luck, any hapless admin who sees it will think it's just another fart-in-the-wind product the PHB is testing out for his brother's company, and not pay any attention to it.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
Brings a whole new meaning to "not supported", ;-)
Alex
Are you sure this would really be chaper?
> Are you sure this would really be chaper?
:)
Well, given the posts about ethernet adapters for the dreamcast costing $150, probably. Regardless, the cost will be pretty similar.
EPIA 5000 board, with processor (runs fanless) $99
64MB RAM $11
16MB CF card (for boot media) $15
145W Power Supply $25
Total: $150
You can use a cardboard box and duct tape for the case.
The EPIA system also has the advantages of being standard hardware.