Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wartrapping?

Posted by michael on from the arms-race-just-getting-silly-now dept.

netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"

36 of 266 comments (clear)

  1. Honeypot Symbol by VVrath · · Score: 5, Funny

    I'm guessing the submitter wasn't thinking of Winnie the Pooh...

    Liam

    1. Re:Honeypot Symbol by chegosaurus · · Score: 4, Funny

      then may I suggest p00h as a honeypot symbol?

  2. Huh? by Ed+Avis · · Score: 4, Interesting

    I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?

    --
    -- Ed Avis ed@membled.com
    1. Re:Huh? by Zeinfeld · · Score: 5, Interesting
      I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?

      The problem is that they called the security scheme Wired Equivalent Privacy, thus botching the job from the start. They failled to understand that the big difference between a wired and a wireless network is access control, you can bypass the guard at the gate.

      This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.

      Secondly it is very easy to apply a layered security solution. You can use IPSEC or 802.1x with a bunch of other stuff.

      The bugs in WEP have been known for some time and the people doing the next generation crypto security know what they are doing. Incidentally the 802.11 working group knew about and was fixing the bugs before Stanford put out the report. A small company up in Redmond Washington had decided to make 802 available throughout their campus (sounds like a directive from his Bill-ship). Before deploying their crypto people had a look at the security of WEP and went AGGGHH!

      I found out about this because I tried to contact Big-Softie after hearing about the WEP problems at a cipherpunks meeting. Working out how to fix a problem like that without having to replace every card is really hard.

      Point is that nobody should be using honeypots until they have actually deployed decent crypto security. And you should protect the honeypot as closely or almost as closely as the real network.

      Rather than messing with this stuff why not just put up a courtesy 802.11b network with a net ID of 'OPEN123' or something, plug it into your network so that it is outside the firewall and set throttles so that nobody can use too much bandwidth. Then people who just want to downlod their mail can get it.

      I keep trying to persuade folk that we should do this sort of this in the base infrastructure, Access points should offer a guest mode as standard with appropriate limits, say no more than 20Mb of guest use per hour.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:Huh? by Egoine · · Score: 5, Interesting

      "If all Wi-Fi cards had a mandatory GPS system reporting their location"

      Yeah right. Like someone who would want to use your network wouldn't lie about his position (by hacking the card, driver,etc..). Maybe non-trivial, but once one guy does it, he gives the recipe.

      When modems began to be deployed, corporations wouldn't even ask a password to be connected. Just dial the line. This is equivalent of the now unsecured wireless networks. Your solution would then have been to only allow some phone numbers to dial in. Not that bad, but asking for a password is probably simpler and better.

    3. Re:Huh? by gorilla · · Score: 5, Informative
      GPS doesn't work indoors. GPS doesn't work when there is an object between the receiver and the satellites. GPS doesn't have the accuracy to give a precise line at the edge a of a building.

      Stop thinking of GPS as a magic solution to all problems involving knowing where you are. It's good, but it's not that good.

    4. Re:Huh? by walt-sjc · · Score: 4, Informative

      It's actually quite simple to fix this. If you want a secure WLAN, put it off a leg on your firewall, require ALL traffic to be IPSEC to the IPSEC server. Deny ALL non-IPSEC traffic on that leg.* I see no reason to have an open WLAN unless you WANT an open WLAN.

      * Obviously, you need a dhcp server handling that leg so it's not quite ALL traffic, but you can really restrict what that leg can do, how it's logged, etc.

    5. Re:Huh? by jpellino · · Score: 4, Insightful

      Well, with my Garmin eMap and my iBook WiFi'd to a differential GPS server, I've gotten resolution down to 1.5 feet while walking around on campus. So the resolution can be good enough, though it may not be so in concrete canyons, etc. They could potentially set up a check, but I could then massage the GPS data (it's a very simple very public data stream) to send a spoofed location (kripes I could do this in HyperCard with cool 3-d NSEW slewing buttons! or better yet a cartoon "Feathers McGraw" driving a cartoon radio controlled "Wallace" into the building proper...).

      Or they could just secure the thing with ACLs, secure transactions, etc. - in short everything else that can be done that doesn't involve a pair of sneakers. Sure beats jogging through the building every so many hours with a preciously configured laptop.

      --
      "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  3. It might look something like this by DaedalusLogic · · Score: 5, Funny

    )( :-(

    or

    )NO!(

    Or failing that a picture of a fat bear with handcuffs being lead away by the brain police. Damn you Pooh bear...

    1. Re:It might look something like this by Storm+Damage · · Score: 4, Funny

      d'Oh!

      I mean like this.

      blargle...now it's not even funny anymore.

  4. How the heck by Sergeant+Beavis · · Score: 5, Insightful

    is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.

    --
    There is nothing inherently safe about liberty. That's why so many people died protecting it.
    1. Re:How the heck by netphilter · · Score: 5, Insightful

      I think the goal has less to do with actually catching the attackers and more to do with analyzing their attack methods. Traditionally the purpose of a honeypot is not to apprehend the attacker or even detect attacks (we have IDS' for that). The purpose is to analyze the methods that attackers are using to get into the networks to try to figure out ways of mitigating the attacks. Honeypots have been very effective in detecting new attacks and even new attack tools that otherwise would have taken much longer to actually find and deal with.

      In this way I think that Wi-Fi honeypots could be VERY effective. Given the inherent insecurity of the protocols being used, any data that could be used to develop better standards is definitely welcome.

      --
      "Herbivores eat well cause their food never, ever runs."
  5. I don't by Apreche · · Score: 4, Funny

    think that there's a warchalking symbol for a honeypot. I think that writing SANDERS in really poor backwards handwriting is good enough. /me hopes people aren't lame, and they get the joke

    --
    The GeekNights podcast is going strong. Listen!
    1. Re:I don't by Otto · · Score: 4, Informative

      http://www.worldvillage.com/wv/school/images/scrns hot/pooh2.gif

      Best I could find.

      And in that case, wouldn't it be a "Hunnypot"?

      --
      - Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
  6. Hackers? by PygmyTrojan · · Score: 5, Insightful
    where hackers outside an office gain access to unsecured wireless access points

    I wound't call em hackers, just opportunists.

    --

    Trying is the first step towards failure.

  7. There are better ways to do this by ites · · Score: 5, Insightful

    Than exposing your network and then trying to catch people who break in.
    Since even a secured wireless network can be broken into in about 30 minutes,
    it makes more sense to treat the wireless network as an external network.
    All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
    Doing anything less than this seems to be courting danger.

    --
    Sig for sale or rent. One previous user. Inquire within.
  8. WarSTUPID by Anonymous Coward · · Score: 4, Interesting

    Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

    Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

    And don't even get me started on the idiotic term "Wi-Fi"...

    1. Re:WarSTUPID by tweakt · · Score: 4, Informative
      Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers.
      The "War" prefix is from the movie WarGames (1983)

      The dialer program in the movie, and ones like it which people made, got nicknamed "War Dialers".

  9. Idiots... by RealBeanDip · · Score: 5, Insightful
    "The service already has six customers but, as with most such services, they are not keen for their names to be made public."
    Because they're idiots, that's why.

    It is quite possible to do wireless without opening up your entire company network. Just like it's possible to NT networking securely.

    The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:

    "It needs a beautiful user interface," he said.
    proves it and let's us know who they plan on selling to.

    And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.

    --

    You know you're a geek if you've ever replied to a tagline.

  10. This is ridiculous by McCart42 · · Score: 5, Insightful

    I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).

    OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?

    --
    "I may be quite wrong." - Socrates
  11. Hahah by Lan-Z · · Score: 5, Insightful

    There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.

    Not all people accessing wireless networks drive up to the front door.

  12. A Much Better Idea by mosch · · Score: 5, Insightful
    I understand that network security is important, but this device doesn't provide network security. It's a research tool for security firms that can help provide data that will help sell security services (assuming that it does, indeed, turn up some illicit activities).

    If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.

    Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.

  13. 802.11 can be secure, if the admins know how to! by Diver777 · · Score: 5, Interesting

    I recently worked at a large government organization (in Canada if it matters). The particular organization held a lot of information classified secret. It was all stored on a password protected mainframe that users accessed through telnet.

    Well, someone had liked the idea of setting up wireless networking for a group of users in the building. The admin who installed the system simply used MAC address authentication as the only security on the WLAN. They only had so many wireless nics, so they simply added those addresses.

    The problem here is that the admin did not realize the security hole he had just opened, as we all know that mac addresses offer no security at all. Though the wireless network I was able to capture plaintext telnet sessions, which included logins and passwords, and I could gain mainframe access from my car in the parking lot. (BTW, don't attempt these types of activitys without your employers permission).

    If the admin had done his homework he would have at a minimum turned on WEP (although it is not secure either, but before the crack was out it was thought to be). Finnaly I convinced them to start using the built-in LEAP authentication and a RADIUS server, as well as limiting the access that users could have with their wireless nics (ie, no telnet access though the wireless). With simply a little deeper look into the security aspects of 802.11, the admin wouldn't have opened the huge security hole in the first place.

    --
    The reason Santa is so jolly is that he knows where all the bad girls live.
  14. It should be EASY by newestbob · · Score: 5, Interesting
    to sit in an airport or a starbucks with a hidden laptop + 802.11 card that presents a welcome screen that LOOKS LIKE some pay-per-use internet access point.

    I would never use one of those airport systems because ANYONE could be spoofing it. There could be someone sitting next to me with a laptop in his suitcase.

  15. war & wi-fi by Erpo · · Score: 5, Informative

    Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

    Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.

    If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.

    Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

    As far as I know, wardriving is the only war* term related to 802.11 technologies.

  16. Wardriving is not illegal by alexjohns · · Score: 5, Informative
    Driving around and finding unsecured wireless access points is not illegal. There's no reason to make it illegal. If you don't want people accessing your network, secure it. I have yet to see an article about anyone driving around, finding a secured wireless network and then trying to break in. What's the point? OK, fine, if you're stealing something or trying to find insider information, yeah, that's illegal.

    For those of us looking for wireless acess, we just want to check email and check a few web pages. There's no way of telling whether a unsecured wireless network was deliberately unsecured to allow people to access the Internet, (like many people and some businesses - notably, Starbucks - do) or whether it was left unguarded due to ignorance, laziness, or boneheadedness.

    If you find people accessing your network and you don't want to share, lock it down. What's the point of a honeypot? To find all those roving bloggers on park benches, obsessively updating their fans on the minutiae of their lives? What are you gonna do when you find them? Slap them on the wrist?

    Doesn't everyone realize that this is the future? Unfettered access to information, whether you're in line at the DMV, at the park with the kids, Saturday morning soccer, whatever. What other technology is going to bridge that last mile? Nobody's putting fiber down in my neighborhood. Wireless seems like the best option for fast, ubiquitous acesss to me.

    1. Re:Wardriving is not illegal by kmellis · · Score: 4, Insightful
      It's not a bad analogy, it's entirely appropriate. There's nothing wrong with receiving the EM that's being sent out by a WAP, but connecting to the WAP is like trying the front door (which is arguably not an intrusion), and using it is like going inside and cooking up a meal (which is undoubtedly an intrusion).

      I'm getting really damn tired of the obtuseness of so many people that bend over backward to justify network intrusions. I don't get this fetish over the fact that it's broadcast over EM. So what? You don't need a freaking wire to connect. Otherwise, it's the same as any other network. And, on any other network, you are not presumed to have a right to access network assets you have not explicitly been explicitly been granted, regarldess of whether it's been secured. If someone has their permissions screwed-up on their shell account on some machine, you still don't have a right to go accessing their files. If, as once was common, you find that with your spiffy new cable modem there are suddenly thirty machines in your "Network Neighborhood", you still don't have a right to access those shares, if any. Permission has to be explicitly granted. If you haven't been explicitly given permission to use a WAP, then you are breaking the law by using it.

      This isn't about "worlds". I, too, want to live in a world where there are public access wireless networks, just like I want to live in a world where there are public restrooms. The answer isn't to proclaim that all unlocked restrooms are (or should be) presumed "public", but to presume that all restrooms are private unless explicitly labeled as "public". A more thoughtful technology would use a protocol that can explicitly mark a WAP as being public. Until then, it's invasive, self-serving, unethical, and illegal to use a WAP that you don't have explicit permission to use. It just doesn't matter whether it's secured or not. Under the rule of law, the responsibility isn't on the potential victim of an injury to protect themselves from it (such as locking your doors), it's on the perpetrator to not inflict the injury. This marks the difference between the sort of society where the strong are encouraged to prey upon the weak and a society where every human being is presumed capable of moral choice--the onus is on them to choose correctly.

      Your restroom analogy is very poor because the whole of it is in the context of a public place. A public restroom is explicitly public. Any random unsecured WAP is not. It's merely unsecured. So, you can "look" under the door, but it doesn't matter because, no matter what, you don't have a right to go in.

  17. Re:Fill in the blanks: by sql*kitten · · Score: 4, Funny

    1. Buy the honeypot from this Van Strien fellow, packaged as "a security tool for corporate Wi-Fi users" with "a beautiful user interface". Estimated cost: _____
    2. Maintain it. Estimated cost: ______ per month.
    3. Keep someone on the payroll to watch for suspicious activity. Estimated cost: _____ per month.
    4. When suspicious activity is found.... um... what exactly do you do then?

    You forgot:

    5. Profit!

  18. I do not get it. by pclminion · · Score: 5, Insightful

    If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!

  19. kind of pointless by ch-chuck · · Score: 5, Funny

    unless the honeypot has rooftop rf direction finding and megawatt laser blaster.

    BOFH: Hey, tripwire shows we got a fly in the honeypot!
    PFY: (looking out window with binos) Really? It could be that guy at the sidewalk cafe with the notebook out.
    BOFH: Heheh, Mr. warwhiz left port 139 open and admin share on! Now where did you put smbclient?
    PFY: In daisy/pub. Go for it and I'll let you know of any change in facial expression.

    --
    try { do() || do_not(); } catch (JediException err) { yoda(err); }
  20. Re-using hobo signs by Stavr0 · · Score: 5, Interesting

    )///(
    Three slashes over the warchalk symbol. /// means 'unsafe area'

  21. Secure network topology by Gerry+Gleason · · Score: 5, Interesting
    Good points. I'm not up on the details of WEP, but I think I understand what you are getting at. For wired corporate (and other) networks, the basic paradigm is to physically secure the facility and make the gateway points secure with firewalls and such. With wireless, you don't have physical security anymore becuase you don't know exactly where the node is.

    This also relates to discussions about cooperative wireless mesh networks. If you want people to volunteer to share their wireless node with neighbors, you have to provide a box that enables it to be done safely. If the design isn't rock solid and foolproof, all it takes is a little FUD to damage the necessary trust that makes people feel ok volunteering.

    The idea of placing an access point outside the wired network is probably the correct solution given the claimed weaknesses in WEP, and it might save you from replacing all those cards immediately. If I was proposing adding wireless access to a corporate or educational campus, I would propose this exclusively. No access points inside the gateways, and access the internal network resources as if you were coming in from outside. If you use a VPN solution for telecommuters, the same would work for wireless access. Now you have end2end security on your external people, and whatever your policy is about sharing out some bandwidth for free, it's more like giving a free drop to a nonprofit down the hall. You'd just hook them up to your external router with no internal access.

    There was also a small comment in the interview with Vint where he says that he wishes they had designed in access controls for each node from the start. This would probably be a big help here as well as with problems related to IP spoofing and such. Perhaps IPv6 would be an opportunity to get this in, but if it isn't in the spec yet (anyone know?), it's probably too late.

  22. Re:Good by Mike+Schiraldi · · Score: 5, Insightful

    Um, plenty of people intentionally provide free wireless access to the public. Nobody intentionally makes their car available to be stolen. People who find the honeypot may be innocent white hat people who just want to check their damn email. People who steal a car have no such excuse.

    Additionally, taking someone's car is stealing -- you deprive them of the car. Using someone's bandwidth is likely not, unless you use so much that they can't get their work done.

    --

    --
    Mod up a post Rob doesn't like and you'll never mod again

  23. Use the universal geek trap symbol: by dr_dank · · Score: 4, Funny

    Admiral Ackbar.

    'nuff said.

    --
    Where does the school board find them and why do they keep sending them to ME?
  24. "Crooks", houses, and wireless by adb · · Score: 5, Insightful

    Using weak metaphors to argue about computer security gets really old. A closed door, locked or not, is an indication that you're not supposed to go in unless the owner wants you there. Likewise, a WEP-protected network may be easy to get into, but the use of WEP is a sign that you're not wanted there. And just like a house with an Open House sign on the front, my wireless network has no such "go away" signal because I want people to use it. (Of course, just like an Open House sign does not mean "please burn my house down", my 802.11b base station is not an invitation to abuse my network, just an opportunity.)

  25. Re:Trespass by mikeb · · Score: 4, Informative

    Mind the legal language folks. I seem to recollect that US law is based in part on British law, but it's likely that it has diverged.

    AFAIK (IANAL): in England and Wales, trespass is not a *crime*. There is a big distinction between crimes which are tried in criminal courts and other actions (torts) for which there is only a civil remedy. If someone comes onto your land you don't in general have much comeback against them unless they do some harm or damage - they haven't committed a crime. If they do damage, then you may be able to claim recompense in civil courts, but it's still probably not a crime.

    However, if they are armed, then it's armed trespass, which IS a crime and you can call the cops straight away. In cases of ordinary trespass the police will be very disinterested because their responsibility is basically criminal not civil law.