Wartrapping?

netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"

How the heck

[Sergeant+Beavis]

is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.

Re:How the heck

[netphilter]

I think the goal has less to do with actually catching the attackers and more to do with analyzing their attack methods. Traditionally the purpose of a honeypot is not to apprehend the attacker or even detect attacks (we have IDS' for that). The purpose is to analyze the methods that attackers are using to get into the networks to try to figure out ways of mitigating the attacks. Honeypots have been very effective in detecting new attacks and even new attack tools that otherwise would have taken much longer to actually find and deal with.

In this way I think that Wi-Fi honeypots could be VERY effective. Given the inherent insecurity of the protocols being used, any data that could be used to develop better standards is definitely welcome.

Hackers?

[PygmyTrojan]

where hackers outside an office gain access to unsecured wireless access points

I wound't call em hackers, just opportunists.

There are better ways to do this

[ites]

Than exposing your network and then trying to catch people who break in.
Since even a secured wireless network can be broken into in about 30 minutes,
it makes more sense to treat the wireless network as an external network.
All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
Doing anything less than this seems to be courting danger.

Idiots...

[RealBeanDip]

"The service already has six customers but, as with most such services, they are not keen for their names to be made public."

Because they're idiots, that's why.

It is quite possible to do wireless without opening up your entire company network. Just like it's possible to NT networking securely.

The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:

"It needs a beautiful user interface," he said.

proves it and let's us know who they plan on selling to.

And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.

This is ridiculous

[McCart42]

I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).

OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?

Hahah

[Lan-Z]

There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.

Not all people accessing wireless networks drive up to the front door.

A Much Better Idea

[mosch]

I understand that network security is important, but this device doesn't provide network security. It's a research tool for security firms that can help provide data that will help sell security services (assuming that it does, indeed, turn up some illicit activities).

If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.

Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.

I do not get it.

[pclminion]

If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!

Re:Good

[Mike+Schiraldi]

Um, plenty of people intentionally provide free wireless access to the public. Nobody intentionally makes their car available to be stolen. People who find the honeypot may be innocent white hat people who just want to check their damn email. People who steal a car have no such excuse.

Additionally, taking someone's car is stealing -- you deprive them of the car. Using someone's bandwidth is likely not, unless you use so much that they can't get their work done.

"Crooks", houses, and wireless

[adb]

Using weak metaphors to argue about computer security gets really old. A closed door, locked or not, is an indication that you're not supposed to go in unless the owner wants you there. Likewise, a WEP-protected network may be easy to get into, but the use of WEP is a sign that you're not wanted there. And just like a house with an Open House sign on the front, my wireless network has no such "go away" signal because I want people to use it. (Of course, just like an Open House sign does not mean "please burn my house down", my 802.11b base station is not an invitation to abuse my network, just an opportunity.)

Re:Wardriving is not illegal

[kmellis]

It's not a bad analogy, it's entirely appropriate. There's nothing wrong with receiving the EM that's being sent out by a WAP, but connecting to the WAP is like trying the front door (which is arguably not an intrusion), and using it is like going inside and cooking up a meal (which is undoubtedly an intrusion).

I'm getting really damn tired of the obtuseness of so many people that bend over backward to justify network intrusions. I don't get this fetish over the fact that it's broadcast over EM. So what? You don't need a freaking wire to connect. Otherwise, it's the same as any other network. And, on any other network, you are not presumed to have a right to access network assets you have not explicitly been explicitly been granted, regarldess of whether it's been secured. If someone has their permissions screwed-up on their shell account on some machine, you still don't have a right to go accessing their files. If, as once was common, you find that with your spiffy new cable modem there are suddenly thirty machines in your "Network Neighborhood", you still don't have a right to access those shares, if any. Permission has to be explicitly granted. If you haven't been explicitly given permission to use a WAP, then you are breaking the law by using it.

This isn't about "worlds". I, too, want to live in a world where there are public access wireless networks, just like I want to live in a world where there are public restrooms. The answer isn't to proclaim that all unlocked restrooms are (or should be) presumed "public", but to presume that all restrooms are private unless explicitly labeled as "public". A more thoughtful technology would use a protocol that can explicitly mark a WAP as being public. Until then, it's invasive, self-serving, unethical, and illegal to use a WAP that you don't have explicit permission to use. It just doesn't matter whether it's secured or not. Under the rule of law, the responsibility isn't on the potential victim of an injury to protect themselves from it (such as locking your doors), it's on the perpetrator to not inflict the injury. This marks the difference between the sort of society where the strong are encouraged to prey upon the weak and a society where every human being is presumed capable of moral choice--the onus is on them to choose correctly.

Your restroom analogy is very poor because the whole of it is in the context of a public place. A public restroom is explicitly public. Any random unsecured WAP is not. It's merely unsecured. So, you can "look" under the door, but it doesn't matter because, no matter what, you don't have a right to go in.

Re:Huh?

[jpellino]

Well, with my Garmin eMap and my iBook WiFi'd to a differential GPS server, I've gotten resolution down to 1.5 feet while walking around on campus. So the resolution can be good enough, though it may not be so in concrete canyons, etc. They could potentially set up a check, but I could then massage the GPS data (it's a very simple very public data stream) to send a spoofed location (kripes I could do this in HyperCard with cool 3-d NSEW slewing buttons! or better yet a cartoon "Feathers McGraw" driving a cartoon radio controlled "Wallace" into the building proper...).

Or they could just secure the thing with ACLs, secure transactions, etc. - in short everything else that can be done that doesn't involve a pair of sneakers. Sure beats jogging through the building every so many hours with a preciously configured laptop.