
Wartrapping?

michael posted more than 11 years ago | from the arms-race-just-getting-silly-now dept.

Security 266

netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"

266 comments

I wartrap (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4423281)

Your mother every night.

--Emad El-Haraty

lol (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423370)

roflmaoroflldmamdsfljsadfalsdfkjwtfhahasdhfahshaha hahahhahaha linux roolz.

Re:I wartrap (-1)

Salad Shooter (600065) | more than 11 years ago | (#4423507)

In the case of your mother, that would be whoretrap.

Honeypot Symbol (5, Funny)

VVrath (542962) | more than 11 years ago | (#4423285)

I'm guessing the submitter wasn't thinking of Winnie the Pooh...

Liam

Re:Honeypot Symbol (3, Funny)

netphilter (549954) | more than 11 years ago | (#4423297)

If you read the article you see that that's the suggestion. I'm thinking more along the lines of a bee smoking a joint..."honey" "pot".

Re:Honeypot Symbol (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423391)

dude, he was totally talking about female genitals. you dropped the ball.

Re:Honeypot Symbol (-1)

Salad Shooter (600065) | more than 11 years ago | (#4423530)

Are you really that fucking stoopid?

And that *joke* would have been hilarious in the late 70's when Cheech and Chong were at their peak. Now it is just pathetic. Like you.

Re:Honeypot Symbol (4, Funny)

chegosaurus (98703) | more than 11 years ago | (#4423624)

then may I suggest p00h as a honeypot symbol?

Re:Honeypot Symbol (1)

_mythdraug_ (27158) | more than 11 years ago | (#4423671)

Don't know if the submitter was, but it was my first thought.

When does the copyright run out on him?

frosty piss (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423288)

FP?

Huh? (4, Interesting)

Ed Avis (5917) | more than 11 years ago | (#4423298)

I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?

Re:Huh? (2, Interesting)

paranoos (612285) | more than 11 years ago | (#4423350)

If all Wi-Fi cards had a mandatory GPS system reporting their location, then an office with a large access area could cordon off their building by walking around with a device that will trace a GPS line around the network, and not allow access to anybody outside.

The one thing this doesn't solve is if a company residing in a suite doesn't want to share their network with ABC Corp upstairs. In that case, they may be able to string copper wire in the ceiling as a "shield".

Re:Huh? (2, Interesting)

Anonynnous Coward (557984) | more than 11 years ago | (#4423421)

The one thing this doesn't solve is if a company residing in a suite doesn't want to share their network with ABC Corp upstairs. In that case, they may be able to string copper wire in the ceiling as a "shield".

Actually, GPS provides altitude, as well as position. So you're all set--no floor and ceiling shielding necessary.

Re:Huh? (2, Interesting)

EatHam (597465) | more than 11 years ago | (#4423490)

Actually, GPS provides altitude, as well as position...

Unless you can't see enough satellites. Which has been my experience in many office buildings. Maybe my GPS is a POS, but unless it's right next to the window, or outside, all the concrete and whatnot block the signal. So I wouldn't want to trust my network access to that kind of spotty coverage.

Re:Huh? (5, Interesting)

Egoine (22800) | more than 11 years ago | (#4423470)

"If all Wi-Fi cards had a mandatory GPS system reporting their location"

Yeah right. Like someone who would want to use your network wouldn't lie about his position (by hacking the card, driver, etc.). Maybe non-trivial, but once one guy does it, he gives the recipe.

When modems began to be deployed, corporations wouldn't even ask a password to be connected. Just dial the line. This is equivalent of the now unsecured wireless networks. Your solution would then have been to only allow some phone numbers to dial in. Not that bad, but asking for a password is probably simpler and better.

Re:Huh? (3, Interesting)

bobKali (240342) | more than 11 years ago | (#4423531)

Yea, that'd be about as effective as using MAC addresses for authentication. It's not like anyone would be able to spoof their GPS location.

Re:Huh? (5, Informative)

gorilla (36491) | more than 11 years ago | (#4423588)

GPS doesn't work indoors. GPS doesn't work when there is an object between the receiver and the satellites. GPS doesn't have the accuracy to give a precise line at the edge of a building.

Stop thinking of GPS as a magic solution to all problems involving knowing where you are. It's good, but it's not that good.

Re:Huh? (0)

p3d0 (42270) | more than 11 years ago | (#4423382)

Exactly what I was thinking. This is totally stupid.

Re:Huh? (5, Interesting)

Zeinfeld (263942) | more than 11 years ago | (#4423440)

I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?

The problem is that they called the security scheme Wired Equivalent Privacy, thus botching the job from the start. They failed to understand that the big difference between a wired and a wireless network is access control, you can bypass the guard at the gate.

This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.

Secondly it is very easy to apply a layered security solution. You can use IPSEC or 802.1x with a bunch of other stuff.

The bugs in WEP have been known for some time and the people doing the next generation crypto security know what they are doing. Incidentally the 802.11 working group knew about and was fixing the bugs before Stanford put out the report. A small company up in Redmond Washington had decided to make 802 available throughout their campus (sounds like a directive from his Bill-ship). Before deploying their crypto people had a look at the security of WEP and went AGGGHH!

I found out about this because I tried to contact Big-Softie after hearing about the WEP problems at a cipherpunks meeting. Working out how to fix a problem like that without having to replace every card is really hard.

Point is that nobody should be using honeypots until they have actually deployed decent crypto security. And you should protect the honeypot as closely or almost as closely as the real network.

Rather than messing with this stuff why not just put up a courtesy 802.11b network with a net ID of 'OPEN123' or something, plug it into your network so that it is outside the firewall and set throttles so that nobody can use too much bandwidth. Then people who just want to download their mail can get it.

I keep trying to persuade folk that we should do this sort of thing in the base infrastructure, Access points should offer a guest mode as standard with appropriate limits, say no more than 20Mb of guest use per hour.

Re:Huh? (1)

AndroidCat (229562) | more than 11 years ago | (#4423638)

This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.

So far. Just wait until spammers start "warspamming". Then they won't even need disposable accounts to dump their spam on the net. (Their web site is usually on another clueless/black hat ISP that denies responsibility because "they didn't send the spam from our network".)

Luckily, a honey pot alarm could make it easy to "warmallet" these slime: Just look for the trailer home in the parking lot.

Re:Huh? (2, Insightful)

MoreBeer (91936) | more than 11 years ago | (#4423688)

For the most part, I agree with your theory that most wireless users (be they wardrivers, casual corporate users, or geeks trying to check up on slashdot) aren't threats, one needs to take into consideration crackers.

If I'm a malicious cracker and I'm out wardriving around, I find an unprotected network. Sure, I may not care about the corporate resources on _that_ network I'd have to IPSEC to, but what about other networks? I've gained access to Corporation XYZ's WLAN, why don't I start rooting boxen on other networks? They're going to trace it back to XYZ's netblock, and potentially pursue legal action. As the security architect for XYZ, I would have no option to view my deployment as criminal negligence. Sure, my internal net is protected, but crackers are sullying my good name by using my network to attack others. What if the cracker decides to use my WLAN to attack my strongest competitor? Do I drop an IDS on the WLAN? Now I've spent more time/money/resources in babysitting my open WLAN than properly introducing (be it weak) WEP and (be it also weak) registered MAC addresses.

Re:Huh? (2, Insightful)

budalite (454527) | more than 11 years ago | (#4423714)

why not just put up a courtesy 802.11b network with a net ID of 'OPEN123'....Then people who just want to download their mail can get it.

Are you really that simple? Sure, while you're at it, let people use your fridge, oven, bed, clothes, and your bathroom when you're not 'actively' using them. How selfish can you be! Hey, while you're asleep, let 'em use your car. You probably should put your home computer out in front of your front door during the day while you are at work and while you're at home sleeping. Hey, you're not using it. Now, tomorrow's class is learning to see what is beyond the end of our noses! (Unbelievable.)

It might look something like this (5, Funny)

DaedalusLogic (449896) | more than 11 years ago | (#4423305)

)( :-(

or

)NO!(

Or failing that a picture of a fat bear with handcuffs being led away by the brain police. Damn you Pooh bear...

Re:It might look something like this (-1)

chrisseaton (573490) | more than 11 years ago | (#4423329)

This reminds me of that Red Dwarf episode where Pooh is executed....

Re:It might look something like this (2)

Storm Damage (133732) | more than 11 years ago | (#4423658)

I think it would look more like this.

Re:It might look something like this (4, Funny)

Storm Damage (133732) | more than 11 years ago | (#4423678)

d'Oh!

I mean like this [cantina.co.jp] .

blargle...now it's not even funny anymore.

Sad news..Stephen King 55 found alive (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423307)

I just heard some sad news on talk radio...famed author Stephen King was found alive at his Maine home. No further details were available.

It's always the same... (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4423308)

Fuck you.

How the heck (5, Insightful)

Sergeant Beavis (558225) | more than 11 years ago | (#4423309)

is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.

Fake information (1)

BaronVonDuvet (612870) | more than 11 years ago | (#4423399)

Maybe they could keep a load of fake, but interesting looking, information on to the honeypot to keep the hackers entertained but ensuring their corporate network isn't breached.

Obviously as you point out the police won't really be able to do anything. Maybe if you sent out your own security but then it's a bit hard to prove anything. Anything more sinister like sending a virus to the hacker's machine would be illegal.

Re:How the heck (5, Insightful)

netphilter (549954) | more than 11 years ago | (#4423431)

I think the goal has less to do with actually catching the attackers and more to do with analyzing their attack methods. Traditionally the purpose of a honeypot is not to apprehend the attacker or even detect attacks (we have IDS' for that). The purpose is to analyze the methods that attackers are using to get into the networks to try to figure out ways of mitigating the attacks. Honeypots have been very effective in detecting new attacks and even new attack tools that otherwise would have taken much longer to actually find and deal with.

In this way I think that Wi-Fi honeypots could be VERY effective. Given the inherent insecurity of the protocols being used, any data that could be used to develop better standards is definitely welcome.

Re:How the heck (0)

Anonymous Coward | more than 11 years ago | (#4423693)

wait till they start placing three honeypots with unidirectional antennas and GPS's in a building. all three of them could be connected using normal cable so they could speak to each other on a private channel and synchronize information. then they could use triangulation to pinpoint your location by differencing the signal strengths. put a few time-synchronized cameras on the outside of the building and you could get license plates of people attempting to connect. think about it - the technology exists and the idea is feasible. therefore someone will do it.

XP to the rescue (2, Funny)

twitter (104583) | more than 11 years ago | (#4423434)

Ultra secure WinXP will be happy to hand out all your base so you can be blacklisted. Yeah:

Valuable WinUSER

1069 Penn Ave, Washington DC.

(100) 555-1069

192.168.1.1

Press 1 to receive list of all songs and movies ever watched on this PC.

Press 2 to receive social security number

Press 3 to receive mother's maiden name

Press 4 to be authenticated as vendor with power of attorney for Valuable WinUSER.

Press 5 to spam.

Oh wait, 192.168.1.1 is a local IP. Bill, you need to store medical records so we can cross reference the social security number with the real ISP, thanks.

Re:How the heck (2, Interesting)

Anonymous Coward | more than 11 years ago | (#4423457)

The point is to see just how many people do try and connect to it, and what level of access those who do connect try to get.
It's basically just an intelligence gathering device then. If in a month all of 4 people try to connect, and all they do is surf the web or something, then there isn't any point on that office spending thousands protecting the network, but, on the other hand, if half of London is logging on, trying to gain as much access as they can, then it might be worth actually trying to do something about it.
It's not designed to catch people at it, just determine how much a problem it actually is before taking further action.
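An added example, not part of any comment in this thread and not code from the vendor in the article: one way to turn an isolated honeypot access point's log into the measurement described above, that is, how many clients connected and what level of access each one tried for. The log format, field names, addresses and the `scan_threshold` value are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log in a hypothetical "timestamp kind key=value ..." format.
SAMPLE_LOG = """\
2002-10-10T09:14:02 assoc mac=00:02:2d:00:00:01
2002-10-10T09:14:05 dhcp mac=00:02:2d:00:00:01 ip=10.99.0.11
2002-10-10T09:15:40 assoc mac=00:02:2d:00:00:02
2002-10-10T09:15:43 dhcp mac=00:02:2d:00:00:02 ip=10.99.0.12
2002-10-10T09:15:50 flow src=10.99.0.12 dst=198.51.100.7 dport=80
2002-10-10T09:16:10 flow src=10.99.0.12 dst=198.51.100.9 dport=110
2002-10-10T11:02:00 assoc mac=00:02:2d:00:00:03
2002-10-10T11:02:03 dhcp mac=00:02:2d:00:00:03 ip=10.99.0.13
2002-10-10T11:02:30 flow src=10.99.0.13 dst=10.99.0.1 dport=23
2002-10-10T11:02:31 flow src=10.99.0.13 dst=10.99.0.1 dport=139
2002-10-10T11:02:40 flow src=10.99.0.13 dst=10.99.0.2 dport=23
2002-10-10T13:30:00 flow src=10.99.0.50 dst=192.168.1.10 dport=22
this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"^(\S+) (assoc|dhcp|flow) (.+)$")

# Explicit RFC 1918 ranges. ipaddress.is_private is not used because it also
# matches documentation ranges such as 198.51.100.0/24.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_events(text):
    """Return [(kind, fields)] for well-formed lines; skip everything else."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        fields = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        events.append((m.group(2), fields))
    return events


def is_internal(addr):
    """True if addr is a valid address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def classify(text, scan_threshold=5):
    """Map each client identifier to a category.

    associated-only: joined the AP but sent nothing (often an auto-joining laptop)
    casual:          a few connections to outside addresses only
    probing:         touched internal-looking addresses, or many distinct targets
    MAC addresses are client-supplied and spoofable, so this counts
    identifiers seen, not people.
    """
    lease = {}                   # ip -> mac, from DHCP events
    targets = defaultdict(set)   # client -> {(dst, dport)}
    clients = set()
    for kind, f in parse_events(text):
        if kind == "assoc" and "mac" in f:
            clients.add(f["mac"])
        elif kind == "dhcp" and "mac" in f and "ip" in f:
            clients.add(f["mac"])
            lease[f["ip"]] = f["mac"]
        elif kind == "flow" and {"src", "dst", "dport"} <= f.keys():
            # A source with no lease configured its own address; key it by IP.
            client = lease.get(f["src"], "ip:" + f["src"])
            clients.add(client)
            targets[client].add((f["dst"], f["dport"]))

    result = {}
    for client in clients:
        seen = targets.get(client, set())
        if not seen:
            result[client] = "associated-only"
        elif any(is_internal(d) for d, _ in seen) or len(seen) >= scan_threshold:
            result[client] = "probing"
        else:
            result[client] = "casual"
    return result


def summarize(categories):
    """Count clients per category for the monthly report."""
    return dict(Counter(categories.values()))


if __name__ == "__main__":
    cats = classify(SAMPLE_LOG)
    for client in sorted(cats):
        print(f"{client:22} {cats[client]}")
    print(summarize(cats))
```
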

Re:How the heck - Here's what they will do. (1)

403Forbidden (610018) | more than 11 years ago | (#4423463)

They will collect all the statistics of how many people connect to the laptop and bitch about it to extremist groups like the RIAA to get people who are caught doing this life sentences.

sound about right?

Honeywagon (3, Funny)

sfled (231432) | more than 11 years ago | (#4423311)


What they use to put all the crap in...

Slashdot PetsWarehouse (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423316)

Slashdot PetsWarehouse [petswarehouse.com] . They are fucktards [slashdot.org] . So click this . Or [petswarehouse.com] e-mail [mailto] them [mailto] . Thanks.

Would be interesting . . . (3, Interesting)

seangw (454819) | more than 11 years ago | (#4423317)

Imagine a distributed network of Wi-Fi honeypots taking in unique ID's, and distributing a "do not provide access" list to its corporate subscribers.

Things could get sticky.

Ironic comment... (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423354)

I don't know... but a honeypot getting sticky seems to me to be a d'oh! You could ask that silly old bear if you aren't sure.

Re:Would be interesting . . . (-1)

Anonymous Coward | more than 11 years ago | (#4423443)

Then imagine a Beowulf cluster of... oh wait, they already are.

Old news (3, Informative)

lnxslak (524709) | more than 11 years ago | (#4423327)

This exact same story was on net-security.org yesterday. If you would like more information about this topic go to this story @ net-security.org [net-security.org] .

A use for the TIMBOT!!!!!!! (2, Funny)

jcrb (187104) | more than 11 years ago | (#4423330)

Send it [ogi.edu] into the building to disable the honeypot laptop.... It can use its onboard signal strength meter to search for it and then with some onboard weapons in the Mark II version (remember it's a DARPA project....) BOOM!! no more honeypot...

I don't (4, Funny)

Apreche (239272) | more than 11 years ago | (#4423331)

think that there's a warchalking symbol for a honeypot. I think that writing SANDERS in really poor backwards handwriting is good enough. /me hopes people aren't lame, and they get the joke

When? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423332)


measure counter measure

when will the madness end?

Hackers? (5, Insightful)

PygmyTrojan (605138) | more than 11 years ago | (#4423333)

where hackers outside an office gain access to unsecured wireless access points

I wouldn't call em hackers, just opportunists.

XP Users (0)

Anonymous Coward | more than 11 years ago | (#4423456)

Or they could just be people dumb enough to use WinXP and wireless on their laptop and the bad luck to pass a honeypot.

War Chalking Symbol (2, Funny)

TheOneEyedMan (151703) | more than 11 years ago | (#4423335)

A honey pot is slang for a vagina as well as a computer used to trap misfits. I think and female genitalia related symbol would do nicely.

Re:War Chalking Symbol (1)

cheezycrust (138235) | more than 11 years ago | (#4423487)

I think an[y] female genitalia related symbol would do nicely.

Maybe '||'? (without the quotes, of course). It's related to the symbols used now [notabug.com] , but not the same. And, if you have enough imagination, you could see body parts in it...

Re:War Chalking Symbol (1)

kilonad (157396) | more than 11 years ago | (#4423623)

Nah, too confusing. I pity the poor soul who would tap the honeypot thinking he could get free porn because he saw a poorly drawn vagina on the street. Maybe if you drew it with "dirty" underneath, that might work. ;)

Good (3, Insightful)

PhysicsGenius (565228) | more than 11 years ago | (#4423337)

When we see articles about automatic shutoff switches for stolen cars set out as bait for the criminal element, everybody here thinks it's a great idea. When we see the exact same idea applied to people who do illegal and unethical things with computers, suddenly it's all about "freedom".

Well, I for one am glad that we are going to see a crackdown on today's tech-obsessed miscreant.

Yes, the Seventh Commandment is unambiguous (0, Troll)

Adam Rightmann (609216) | more than 11 years ago | (#4423453)

"You shall not steal. [therain.org]

But, I guess these hacker sorts, like Protestants, feel free to misinterpret Our Lord's words in any manner they see fit for their own selfish gratification, it doesn't cost them anything to piggy back on someone else's wireless access costs (well, except for eternal damnation).

Re:Good (2)

back_pages (600753) | more than 11 years ago | (#4423645)

Yeah, because depriving someone of their automobile is strictly analogous to temporarily depriving them of some bandwidth. In fact, I'll take a cue from GWBush, who can't differentiate between Saddam Hussein and Usama Bin Laden, and say that I can't differentiate between burning your house down and drinking from your water fountain. It's practically the same thing.

There are better ways to do this (5, Insightful)

ites (600337) | more than 11 years ago | (#4423343)

Than exposing your network and then trying to catch people who break in.
Since even a secured wireless network can be broken into in about 30 minutes,
it makes more sense to treat the wireless network as an external network.
All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
Doing anything less than this seems to be courting danger.

Re:There are better ways to do this (0)

Anonymous Coward | more than 11 years ago | (#4423472)

Exactly! If the internet is the wild west where the savvy can run rife, and it is IMHO, it's time to take the war to the next theatre! WEP Schmep! Corporate Schmucks! :)

Re:There are better ways to do this (2)

torqer (538711) | more than 11 years ago | (#4423476)

Um, they aren't exposing their network. They are setting up a laptop which acts as a WAP (wireless access point) but is in no way configured to connect to their intranet.

They are measuring how much (unauthorized) activity occurs at the access point.

Re:There are better ways to do this (1)

Lan-Z (148249) | more than 11 years ago | (#4423740)

"Since even a secured wireless network can be broken into in about 30 minutes"

Where do you get your information? The possibility of 64 bit WEP being cracked in 30 minutes is not too bad if the hardware on the network is older and there is enough traffic to grab some weak packets. That is pretty much the only way you can break a wireless network in 30 minutes. Anything higher than 64 bit WEP and/or newer hardware is gonna take you a hell of a lot more time than that, and most likely you still won't be able to crack it.

I am by no means supporting WEP as a feasible way to secure wireless.

WarSTUPID (4, Interesting)

Anonymous Coward | more than 11 years ago | (#4423345)

Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

And don't even get me started on the idiotic term "Wi-Fi"...

war & wi-fi (5, Informative)

Erpo (237853) | more than 11 years ago | (#4423506)

Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.

If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.

Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

As far as I know, wardriving is the only war* term related to 802.11 technologies.

Re:war & wi-fi (3, Informative)

mooman (9434) | more than 11 years ago | (#4423675)

As far as I know, wardriving is the only war* term related to 802.11 technologies.

Uh.. Wardriving, warchalking, wartrapping, warwanking...

He's got a point...

Re:war & wi-fi (1)

peterpi (585134) | more than 11 years ago | (#4423694)

As far as I know, wardriving is the only war* term related to 802.11 technologies.

Warchalking

Good History Lesson Erpo! (2)

mekkab (133181) | more than 11 years ago | (#4423721)

Ya know, I was just thinking the other night how people need to accept wardriving whether they like it or not. Physical proximity on an open 802.11 network is very much so like dialing a point to point link; you should see me in my basement trying to get access to my wireless access point on the third floor- I move a foot to the left, check signal strength, bring the laptop up, check strength, then down, check strength, until I find a spot where I can get good enough reception. lather rinse repeat.

The only other term I could think of would involve grep, however that implies a more sequential search and regular expressions.

Re:WarSTUPID (4, Informative)

tweakt (325224) | more than 11 years ago | (#4423606)

Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers.

The "War" prefix is from the movie WarGames [imdb.com] (1983)

The dialer program [lycos.de] in the movie, and ones like it which people made, got nicknamed "War Dialers".

I don't get it. (1)

ksplatter (573000) | more than 11 years ago | (#4423356)

I always assumed "wardrivers" were people who are too cheap to pay for a broadband connection. I wasn't aware that they actually were hackers.

Boy am I really out of the Token Ring.

Idiots... (5, Insightful)

RealBeanDip (26604) | more than 11 years ago | (#4423360)

"The service already has six customers but, as with most such services, they are not keen for their names to be made public."

Because they're idiots, that's why.

It is quite possible to do wireless without opening up your entire company network. Just like it's possible to do NT networking securely.

The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:

"It needs a beautiful user interface," he said.

proves it and lets us know who they plan on selling to.

And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.

Re:Idiots... (3, Insightful)

mccalli (323026) | more than 11 years ago | (#4423603)

Because they're idiots....This quote: "It needs a beautiful user interface," he said. proves it

Why? Why on earth would wanting a good user interface make you an idiot? You'd prefer a bad user interface?

Cheers,
Ian

This is ridiculous (5, Insightful)

McCart42 (207315) | more than 11 years ago | (#4423361)

I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).

OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?

Re:This is ridiculous (3, Informative)

nuxx (10153) | more than 11 years ago | (#4423634)

Honestly, the best thing to do is get yourself a Linux partition and use Kismet [kismetwireless.net] . It's very simple to set up, works with almost any card, and has far more features than Netstumbler. Hook it up with a GPS and you'll be making maps, etc.

It also is completely passive (so most likely legal, since 2.4ghz is a public band with no regulations on it) and anything it hears, not just AP broadcasts, are logged. You can drive around, then throw Ethereal up and see what data you happened to grab. All completely passively.

Check out the kismet site [kismetwireless.net] for more information. Here [nuxx.net] is a map I made of downtown Ann Arbor. No intrusions were performed, SSIDs are purposefully left off the map, and the colors are completely arbitrary. I'm interested in what is where. Not using other people's bandwidth/networks.

honeypot symbol... (2, Funny)

Anonymous Coward | more than 11 years ago | (#4423373)

maybe instead of a symbol we could put a nest of killer bees near the point and then that would be the form of security too. :-)

-(|||) - is that a honey pot symbol?

Re:honeypot symbol... (0)

Anonymous Coward | more than 11 years ago | (#4423590)

"-(#)-" == honeyPot; // Note the # for honeycomb :)

Hahah (5, Insightful)

Lan-Z (148249) | more than 11 years ago | (#4423379)

There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.

Not all people accessing wireless networks drive up to the front door.

Will someone explain what the "threat" is? (2, Insightful)

dilute (74234) | more than 11 years ago | (#4423380)

I think many corporate IT people are instinctively scared of anything "free". This looks like a lame effort to sell a new "service" to these suckers.

A Much Better Idea (5, Insightful)

mosch (204) | more than 11 years ago | (#4423384)

I understand that network security is important, but this device doesn't provide network security. It's a research tool for security firms that can help provide data that will help sell security services (assuming that it does, indeed, turn up some illicit activities).

If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.

Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.

half right (2)

twitter (104583) | more than 11 years ago | (#4423561)

this device doesn't provide network security.

True.

It's a research tool for security firms that can help provide data that will help sell security services

False. It's a research tool for security firms that can't provide security because their clients insist on using insecure software like Microsoft Windows TM. I imagine the silly thing will disrupt legitimate corporate communications and collect a bunch of useless "Valuable user at 192.168.1.1" information.

As you seem to suggest, the only way to secure your wireless network is to treat it as an external insecure network. The streams must be encrypted (WEP no good) and the connections must be authenticated. If you don't do that you just might end up with half your NT admins in the park across the street.

If you just hand out IP addresses and service to anyone who walks by, you can expect people to take it. They might as well put PCs on the street and then complain when people stop and surf or play solitaire. Duh, what will they think of next, trying to secure bags of money in the lobby with nerve gas?

OT: VPNs (1)

kilonad (157396) | more than 11 years ago | (#4423667)

Does anyone know of a good site that explains how to easily and fairly securely set up a VPN?

Re:OT: VPNs (2, Informative)

Bishop (4500) | more than 11 years ago | (#4423734)

Linux: FreeSwan

OpenBSD: builtin (read FAQ)

Windows: PgPNet seems to work

802.11 can be secure, if the admins know how to! (5, Interesting)

Diver777 (614939) | more than 11 years ago | (#4423388)

I recently worked at a large government organization (in Canada if it matters). The particular organization held a lot of information classified secret. It was all stored on a password protected mainframe that users accessed through telnet.

Well, someone had liked the idea of setting up wireless networking for a group of users in the building. The admin who installed the system simply used MAC address authentication as the only security on the WLAN. They only had so many wireless nics, so they simply added those addresses.

The problem here is that the admin did not realize the security hole he had just opened, as we all know that MAC addresses offer no security at all. Through the wireless network I was able to capture plaintext telnet sessions, which included logins and passwords, and I could gain mainframe access from my car in the parking lot. (BTW, don't attempt these types of activities without your employer's permission).

If the admin had done his homework he would have at a minimum turned on WEP (although it is not secure either, but before the crack was out it was thought to be). Finally I convinced them to start using the built-in LEAP authentication and a RADIUS server, as well as limiting the access that users could have with their wireless nics (ie, no telnet access through the wireless). With simply a little deeper look into the security aspects of 802.11, the admin wouldn't have opened the huge security hole in the first place.

Re:802.11 can be secure, if the admins know how to (1)

T5 (308759) | more than 11 years ago | (#4423571)

Please tell me that you don't still have classified info available through telnet. Please tell me you meant ssh or VPN. Wireless or not...

Wart Rapping? (2, Funny)

BoBaBrain (215786) | more than 11 years ago | (#4423392)

Darn those gansta boyz. Is nothing too taboo for their cutting edge lyrics?

Re: Heard of it before... (3, Funny)

pwagland (472537) | more than 11 years ago | (#4423394)

Although I'm sure that I've heard of this somewhere before,

Maybe it was here.... [slashdot.org]

trap? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423400)

Wouldn't "trap" mean you wouldn't get out?

If it isn't then I will patent mousetraps that sense the mouse, log his presence and allow it to move on ;-)

Similar story... (2)

tweakt (325224) | more than 11 years ago | (#4423402)

Although I'm sure that I've heard of this somewhere before,
oooh, I don't know... maybe the Secret Service [slashdot.org]

Useless! (1)

damu (575189) | more than 11 years ago | (#4423407)

Absolutely useless, leave your house door open and wait and count how many people come in? So we don't need to make a secured network, all we need to do is "manage" how many people are walking through our door. And do what, beat them with a broom stick? Another reason this is useless, (at least in my area) the driving community is somewhat close-knit so the moment someone detects one of these pots, it will be all over the net, thus making the product/services useless.

It should be EASY (5, Interesting)

newestbob (589866) | more than 11 years ago | (#4423415)

to sit in an airport or a starbucks with a hidden laptop + 802.11 card that presents a welcome screen that LOOKS LIKE some pay-per-use internet access point.

I would never use one of those airport systems because ANYONE could be spoofing it. There could be someone sitting next to me with a laptop in his suitcase.

Re:It should be EASY (1)

supertsaar (540181) | more than 11 years ago | (#4423720)

Dang, I thought _I_ was a paranoid person.... Now I have to look out for airport wifi spoofers too. Dang. Then again...if you use properly encrypted communications that would not be a huge problem would it? As far as I understand network sniffing is easy enough on good-old wires too.

Good Initiative (2)

e8johan (605347) | more than 11 years ago | (#4423424)

It is good that someone tries to chart this problem. At least it makes big corporations aware of the problem with wireless systems and the security issues associated with them.
I like the idea of wireless internet access everywhere, but not through stealing bandwidth of some business with bad security. I feel very bad for the companies being hacked and abused because of the bad security of the wireless solutions they use.
It surprises me that no-one thought of this before the technology was launched.

Isn't it obvious??? (0)

Anonymous Coward | more than 11 years ago | (#4423425)

If KPMG set up this machine as an access point with no encryption or network connection, how could they analyze the data before it was already erased by a clever wardriver...

my vote for new symbol: (2)

K. (10774) | more than 11 years ago | (#4423454)

would be for a pair of parentheses () with a zigzag line down the middle, like a closed beartrap viewed from above.

Re:my vote for new symbol: (0)

Anonymous Coward | more than 11 years ago | (#4423527)

Nope. Use the same symbols as usual, except use a hexagon as the base shape instead of a circle. Makes it real easy to draw, and still provides the normal information so users can recognize which AP is the honeypot.

Wart rapping? (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4423455)

It's probably just my dyslexic brain, but I swear I thought the subject was Wart rapping.

AnonCow

Fill in the blanks: (2)

XNormal (8617) | more than 11 years ago | (#4423500)

Alternative 1:

1. Buy the honeypot from this Van Strien fellow, packaged as "a security tool for corporate Wi-Fi users" with "a beautiful user interface". Estimated cost: _____
2. Maintain it. Estimated cost: ______ per month.
3. Keep someone on the payroll to watch for suspicious activity. Estimated cost: _____ per month.
4. When suspicious activity is found.... um... what exactly do you do then?

Alternative 2:
1. Let laptop users connect through Wi-Fi to the company's VPN server, just like the road warriors. Nothing except this server is accessible through the wireless network. Estimated cost: _____

Would anyone fill in the blanks for me? I want to see which one is more cost-effective.

Re:Fill in the blanks: (4, Funny)

sql*kitten (1359) | more than 11 years ago | (#4423570)

1. Buy the honeypot from this Van Strien fellow, packaged as "a security tool for corporate Wi-Fi users" with "a beautiful user interface". Estimated cost: _____
2. Maintain it. Estimated cost: ______ per month.
3. Keep someone on the payroll to watch for suspicious activity. Estimated cost: _____ per month.
4. When suspicious activity is found.... um... what exactly do you do then?


You forgot:

5. Profit!

New Title? (1)

limekiller4 (451497) | more than 11 years ago | (#4423501)

"Warpotting"?

Wardriving is not illegal (5, Informative)

alexjohns (53323) | more than 11 years ago | (#4423510)

Driving around and finding unsecured wireless access points is not illegal. There's no reason to make it illegal. If you don't want people accessing your network, secure it. I have yet to see an article about anyone driving around, finding a secured wireless network and then trying to break in. What's the point? OK, fine, if you're stealing something or trying to find insider information, yeah, that's illegal.

For those of us looking for wireless access, we just want to check email and check a few web pages. There's no way of telling whether an unsecured wireless network was deliberately unsecured to allow people to access the Internet, (like many people and some businesses - notably, Starbucks - do) or whether it was left unguarded due to ignorance, laziness, or boneheadedness.

If you find people accessing your network and you don't want to share, lock it down. What's the point of a honeypot? To find all those roving bloggers on park benches, obsessively updating their fans on the minutiae of their lives? What are you gonna do when you find them? Slap them on the wrist?

Doesn't everyone realize that this is the future? Unfettered access to information, whether you're in line at the DMV, at the park with the kids, Saturday morning soccer, whatever. What other technology is going to bridge that last mile? Nobody's putting fiber down in my neighborhood. Wireless seems like the best option for fast, ubiquitous access to me.

Re:Wardriving is not illegal (1)

Lan-Z (148249) | more than 11 years ago | (#4423690)

IT IS ILLEGAL TO GAIN ACCESS TO ANY NETWORK YOU ARE NOT AUTHORIZED TO USE!

Even if it is just to check your email and check a few web pages as you say, it is illegal and if caught you can be prosecuted.

New name? (2, Insightful)

wwwssabbsdotcom (604349) | more than 11 years ago | (#4423568)

Airscanning? Scannetting? Scandriving? Probing? WiScanning? AirSniffing? Airdunking? AirPorting? AirProbing? ScannerDriving?

Get similar fake wireless AP software right now (3, Funny)

wherley (42799) | more than 11 years ago | (#4423584)

Mentioned one month ago here [slashdot.org] on slashdot, this fakeAP software [blackalchemy.to] sends out lots of 802.11b beacon messages with different SSIDs. Hide in the noise for the good it will do you.

I do not get it. (5, Insightful)

pclminion (145572) | more than 11 years ago | (#4423604)

If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!

kind of pointless (5, Funny)

ch-chuck (9622) | more than 11 years ago | (#4423614)

unless the honeypot has rooftop rf direction finding and megawatt laser blaster.

BOFH: Hey, tripwire shows we got a fly in the honeypot!
PFY: (looking out window with binos) Really? It could be that guy at the sidewalk cafe with the notebook out.
BOFH: Heheh, Mr. warwhiz left port 139 open and admin share on! Now where did you put smbclient?
PFY: In daisy/pub. Go for it and I'll let you know of any change in facial expression.

Re-using hobo signs (5, Interesting)

Stavr0 (35032) | more than 11 years ago | (#4423653)

)///(
Three slashes over the warchalk symbol. /// means 'unsafe area'

Evolution (2, Insightful)

monomania (595068) | more than 11 years ago | (#4423665)

It's a legitimate and creative response to a legitimate and creative activity.

True technology evolves -- and this is how these 'environmental' networks will become secure, finally -- not through laws and threats against "hacking"....
