Wartrapping?

netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"

How the heck

[Sergeant+Beavis]

is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.

Re:How the heck

[netphilter]

I think the goal has less to do with actually catching the attackers and more to do with analyzing their attack methods. Traditionally the purpose of a honeypot is not to apprehend the attacker or even detect attacks (we have IDS' for that). The purpose is to analyze the methods that attackers are using to get into the networks to try to figure out ways of mitigating the attacks. Honeypots have been very effective in detecting new attacks and even new attack tools that otherwise would have taken much longer to actually find and deal with.

In this way I think that Wi-Fi honeypots could be VERY effective. Given the inherent insecurity of the protocols being used, any data that could be used to develop better standards is definitely welcome.

Hackers?

[PygmyTrojan]

where hackers outside an office gain access to unsecured wireless access points

I wound't call em hackers, just opportunists.

There are better ways to do this

[ites]

Than exposing your network and then trying to catch people who break in.
Since even a secured wireless network can be broken into in about 30 minutes,
it makes more sense to treat the wireless network as an external network.
All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
Doing anything less than this seems to be courting danger.

Idiots...

[RealBeanDip]

"The service already has six customers but, as with most such services, they are not keen for their names to be made public."

Because they're idiots, that's why.

It is quite possible to do wireless without opening up your entire company network. Just like it's possible to NT networking securely.

The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:

"It needs a beautiful user interface," he said.

proves it and let's us know who they plan on selling to.

And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.

This is ridiculous

[McCart42]

I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).

OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?

Hahah

[Lan-Z]

There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.

Not all people accessing wireless networks drive up to the front door.

A Much Better Idea

[mosch]

I understand that network security is important, but this device doesn't provide network security. It's a research tool for security firms that can help provide data that will help sell security services (assuming that it does, indeed, turn up some illicit activities).

If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.

Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.

I do not get it.

[pclminion]

If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!

Re:Good

[Mike+Schiraldi]

Um, plenty of people intentionally provide free wireless access to the public. Nobody intentionally makes their car available to be stolen. People who find the honeypot may be innocent white hat people who just want to check their damn email. People who steal a car have no such excuse.

Additionally, taking someone's car is stealing -- you deprive them of the car. Using someone's bandwidth is likely not, unless you use so much that they can't get their work done.

"Crooks", houses, and wireless

[adb]

Using weak metaphors to argue about computer security gets really old. A closed door, locked or not, is an indication that you're not supposed to go in unless the owner wants you there. Likewise, a WEP-protected network may be easy to get into, but the use of WEP is a sign that you're not wanted there. And just like a house with an Open House sign on the front, my wireless network has no such "go away" signal because I want people to use it. (Of course, just like an Open House sign does not mean "please burn my house down", my 802.11b base station is not an invitation to abuse my network, just an opportunity.)