Slashdot Mirror
Wartrapping?
netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"
is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.
There is nothing inherently safe about liberty. That's why so many people died protecting it.
I wound't call em hackers, just opportunists.
Trying is the first step towards failure.
Well, I for one am glad that we are going to see a crackdown on today's tech-obsessed miscreant.
Than exposing your network and then trying to catch people who break in.
Since even a secured wireless network can be broken into in about 30 minutes,
it makes more sense to treat the wireless network as an external network.
All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
Doing anything less than this seems to be courting danger.
Sig for sale or rent. One previous user. Inquire within.
It is quite possible to do wireless without opening up your entire company network. Just like it's possible to NT networking securely.
The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:
proves it and let's us know who they plan on selling to.And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.
You know you're a geek if you've ever replied to a tagline.
I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).
OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?
"I may be quite wrong." - Socrates
There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.
Not all people accessing wireless networks drive up to the front door.
I think many corporate IT people are instinctively scared of anything "free". This looks like a lame effort to sell a new "service" to these suckers.
If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.
Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.
Airscanning? Scannetting? Scandriving? Probing? WiScanning? AirSniffing? Airdunking? AirPorting? AirProbing? ScannerDriving?
Relive the BBS Past - One Byte at a Time! www.ssabbs.com
If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!
True technology evolves -- and this is how these 'environmental' networks will become secure, finally -- not through laws and threats against "hacking"....
For the most part, I agree with your theory that most wireless users (be they wardrivers, casual corporate users, or geeks trying to check up on slashdot) aren't threats, one needs to take into consideration crackers.
If I'm a malicious cracker and I'm out wardriving around, I find an unprotected network. Sure, I may not care about the corporate resources on _that_ network I'd have to IPSEC to, but what about other networks? I've gained access to Corporation XYZ's WLAN, why don't I start rooting boxen on other networks? They're going to trace it back to XYZ's netblock, and potentially pursue legal action. As the security architect for XYZ, I would have no option to view my deployment as criminal negligence. Sure, my internal net is protected, but crackers are sullying my good name by using my network to attack others. What if the cracker decides to use my WLAN to attack my strongest competitor? Do I drop an IDS on the WLAN? Now I've spent more time/money/resources in babysitting my open WLAN than properly introducing (be it weak) WEP and (be it also weak) registered MAC addresses.
why not just put up a courtesy 802.11b network with a net ID of 'OPEN123'....Then people who just want to downlod their mail can get it. Are you really that simple? Sure, while you're at it, let people use your fridge, oven, bed, clothes, and your bathroom when you're not 'actively' using them. How selfish can you be! Hey, while you're asleep, let 'em use your car. You probably should put your home computer out out in front of your front door during the day while you are at work and while you're at home sleeping. Hey, you're not using it. Now, tomorrow's class is learning to see what is beyond the end of our noses! (Unbelievable.)
Man, don't be such a bread head. You use technology that I invented and gave away for free every day of your life and you don't even know you are doing it.
Seriously, I have a WiFi connection in my house. If someone passing by wants to download their email that is fine with me.
If someone comes to our corporate offices and wants to download their email or send a presentation or whatever that is also fine.
Of course you get people who abuse the hospitality on offer which is why I propose use caps.
Funny thing is that I have done a lot better not worrying too much about money than the folks who think of nothing else. Thing that most disappoints me about having my stock price in the crapper at the moment is not the fact that I can't afford to buy Blandings Castle at the moment, I am much more concerned that I can't just write a check to build a hospital or school in Afghanistan. Still in five years from now I'll be doing fine and you will still be a breadhead loser who thinks only about what you shoulf receive and not about what you might give.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
So? They use port 8080 or 1080 or whatever to talk to an open proxy in a Korean school, to an open relay in France...
And if they had self-respecting admins, would they have open access in the first place? I wonder what the warchalking symbol for "clueless, playing in traffic" is? :^)
I can't wait until the first warspammed company shows up in NANAE whining/threatening to be let out of SPEWS.
One line blog. I hear that they're called Twitters now.
You walk into a large public restroom. Is it illegal to bend down to see which stalls you can see people's feet in?
Is it illegal to look at pretty girls (or boys) on the beach? It would be illegal to try to look at them in a dressing room or in their bedrooms, but if they're in public, is it illegal?
If I'm walking down the hall in a hotel, is it illegal for me to look into a room where the door is open? If the door's open, there must not be much of an expectation of privacy at the moment. I don't have the right to walk into that room or to open any closed ones, but I can look to see which ones are open, can't I? And if it's open, I can see inside, right?
The way I see it, it's all just electromagnetic radiation. If you don't want people to see you naked, wear clothes, close the door, whatever. If you don't want people to access your wireless network, use access controls.
The trouble with it all is that some people DO put up public wireless networks. How will you find them if it's illegal to search for them? It's pretty friggin' easy to turn on the basic WEP encryption and not allow people in. The fact that it's insecure and can be easily broken is beside the point here. If there's even rudimentary safeguards against public use, you assume it's private. Otherwise, it's public.
The world you live in would have no wireless access for the masses (because, evidently, you're not allowed to find the access points.) That's a world I don't want to live in, unless you've come up with another way to get fast net access on the go.
Using weak metaphors to argue about computer security gets really old. A closed door, locked or not, is an indication that you're not supposed to go in unless the owner wants you there. Likewise, a WEP-protected network may be easy to get into, but the use of WEP is a sign that you're not wanted there. And just like a house with an Open House sign on the front, my wireless network has no such "go away" signal because I want people to use it. (Of course, just like an Open House sign does not mean "please burn my house down", my 802.11b base station is not an invitation to abuse my network, just an opportunity.)
I'm getting really damn tired of the obtuseness of so many people that bend over backward to justify network intrusions. I don't get this fetish over the fact that it's broadcast over EM. So what? You don't need a freaking wire to connect. Otherwise, it's the same as any other network. And, on any other network, you are not presumed to have a right to access network assets you have not explicitly been explicitly been granted, regarldess of whether it's been secured. If someone has their permissions screwed-up on their shell account on some machine, you still don't have a right to go accessing their files. If, as once was common, you find that with your spiffy new cable modem there are suddenly thirty machines in your "Network Neighborhood", you still don't have a right to access those shares, if any. Permission has to be explicitly granted. If you haven't been explicitly given permission to use a WAP, then you are breaking the law by using it.
This isn't about "worlds". I, too, want to live in a world where there are public access wireless networks, just like I want to live in a world where there are public restrooms. The answer isn't to proclaim that all unlocked restrooms are (or should be) presumed "public", but to presume that all restrooms are private unless explicitly labeled as "public". A more thoughtful technology would use a protocol that can explicitly mark a WAP as being public. Until then, it's invasive, self-serving, unethical, and illegal to use a WAP that you don't have explicit permission to use. It just doesn't matter whether it's secured or not. Under the rule of law, the responsibility isn't on the potential victim of an injury to protect themselves from it (such as locking your doors), it's on the perpetrator to not inflict the injury. This marks the difference between the sort of society where the strong are encouraged to prey upon the weak and a society where every human being is presumed capable of moral choice--the onus is on them to choose correctly.
Your restroom analogy is very poor because the whole of it is in the context of a public place. A public restroom is explicitly public. Any random unsecured WAP is not. It's merely unsecured. So, you can "look" under the door, but it doesn't matter because, no matter what, you don't have a right to go in.
Yes, it is a crime. Trespassing.
Additionally, while using the bathroom, (s)he would be depriving you of your use of that room. Likewise, you are depriving that network of one of its dhcp/bootp allotments. Its a bad comparison, though.
If you're out searching for networks you can connect to, thats quite different from accidentally connecting to one when you meant to be connecting to one to which you are an authorized user. Looking around for open networks is closer to going and trying the front and back doors of every house on your block, than to walking in an open door. You are taking action to locate insecurities. There is no reasonable analogy to stumbling into an insecure network, though.
Either way, you're an asshole if you're intentionally trying to gain access to networks to which you're not authorized. Same as you're an asshole if you try to break into my house. I don't care if I did leave the front door open, that isn't an invitation or authorization for you to be there.
Well, with my Garmin eMap and my iBook WiFi'd to a differential GPS server, I've gotten resolution down to 1.5 feet while walking around on campus. So the resolution can be good enough, though it may not be so in concrete canyons, etc. They could potentially set up a check, but I could then massage the GPS data (it's a very simple very public data stream) to send a spoofed location (kripes I could do this in HyperCard with cool 3-d NSEW slewing buttons! or better yet a cartoon "Feathers McGraw" driving a cartoon radio controlled "Wallace" into the building proper...).
Or they could just secure the thing with ACLs, secure transactions, etc. - in short everything else that can be done that doesn't involve a pair of sneakers. Sure beats jogging through the building every so many hours with a preciously configured laptop.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."