The Dark Side Of DefCon's Wireless Network
An anonymous reader writes "While there have been a few postings on events happening at DefCon 12, one event seems to have been overlooked. A new wireless packet injection tool was quietly released (unleashed?) during DefCon: AirPwn. Here's a write-up of the tool as deployed by its author and crew at DefCon 12."
Three scenarios to point this out.
You're at Joe's Internet Cafe, munching on your slightly overpriced muffin and glad for the free Wi-Fi access since you're out of town, and don't get to check your email much on the road. You hit the link to a message you want to read on webmail, when all of a sudden, an ad comes up. Nothing too bad, but it seems that Joe has decided that instead of charging people directly for 'net access, he'll rig up an old desktop with wireless to transmit the ad source for every 100th HTTP request that comes through his system.
This is a potentially annoying way of using the technology, but it also sounds like it could be a good way for Joe to help recoup his costs on the internet. Not a place I'd mind going.
Scenario Two
You're at Joe's Internet Cafe, munching on your slightly overpriced bagel, glad for the...well, you know. This time the 'net access isn't free, but Joe's giving it out for $1 an hour, more than reasonable. 58 minutes in, you make an HTTP request, and a small JavaScript window pops up informing you that you've just got a couple minutes left, more time can be bought at the counter. After 60 minutes, instead of locking you out, all your requests simply get a screen advising you that if you want to keep going, Joe's going to need a dollar at the counter.
Seems useful to me.
Scenario Three
You're in Joe's Internet Cafe, sipping some slightly overpriced coffee and you try to get online. After you've paid your dollar to the friendly man at the counter.
You keep getting ads. You click out, thinking that it's a popup window, and no, you really don't need to enlarge that, it's fine how it is.
All browser windows closed. You try again.
No, I don't really need those drugs...
Or those pieces of software
Or...
You get the idea. Turns out, that guy in the corner is making some quick cash by spamming everyone in the place. The only sites that are coming through are from those ads. He leaves after about 15 minutes, because it can't be long until someone figures it out, but you've just lost 15 minutes of your time.
I realize it's an extreme example, but you think someone won't try it?
Joe, if you're out there, we need to talk. I've got some ideas for you.
figure you'd see a regular HTTP response packet that fits your TCP sequence numbers quite nicely, and a RST afterwards because the numbers got messed up as the faked response didn't have the same length as the real server response. Perhaps they hold down the server by injecting RST packets, too, like Juggernaut's TCP stream capturing mode did...
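The wire-level signature described in the comment above can be checked from a capture. The following is an added example, not part of the original thread or of any tool it mentions: it flags flows where the same TCP sequence positions arrive twice with different bytes, and notes whether a RST follows. The function name, the tuple layout and the sample addresses are assumptions made for illustration, and only the server-to-client direction is modelled.

```python
"""Flag TCP flows where one sequence range arrives twice with different bytes."""
from collections import defaultdict

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


def find_injection_signs(segments):
    """segments: (flow, seq, flags, payload) tuples in capture order,
    server-to-client direction only (assumed layout).
    Returns {flow: {"conflict_at": seq, "rst_after": bool}}."""
    seen = defaultdict(dict)  # flow -> {sequence position: byte first seen}
    findings = {}
    for flow, seq, flags, payload in segments:
        if "R" in flags and flow in findings:
            # The RST the comment expects once a forged response of a
            # different length has left the sequence numbers out of step.
            findings[flow]["rst_after"] = True
        for offset, byte in enumerate(payload):
            pos = (seq + offset) % MOD
            first = seen[flow].setdefault(pos, byte)
            if first != byte and flow not in findings:
                # A plain retransmission repeats identical bytes; different
                # bytes at one position mean two senders answered.
                findings[flow] = {"conflict_at": pos, "rst_after": False}
    return findings


# Constructed capture (documentation addresses, not real traffic).
FLOW_A = ("192.0.2.10", 80, "198.51.100.7", 40001)
FLOW_B = ("192.0.2.10", 80, "198.51.100.8", 40002)
SAMPLE = [
    (FLOW_A, 1000, "PA", b"HTTP/1.1 200 OK\r\n\r\nforged"),        # arrives first
    (FLOW_A, 1000, "PA", b"HTTP/1.1 200 OK\r\n\r\ngenuine page"),  # real reply
    (FLOW_A, 1031, "R", b""),
    (FLOW_B, 5000, "PA", b"HTTP/1.1 200 OK\r\n\r\nhello"),
    (FLOW_B, 5000, "PA", b"HTTP/1.1 200 OK\r\n\r\nhello"),         # retransmission
]

if __name__ == "__main__":
    for flow, info in find_injection_signs(SAMPLE).items():
        print(flow, info)
```

The per-flow byte map grows without bound here; a sensor running this on live traffic would expire state once data is acknowledged or the connection closes.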