Attack Of The Dreamcasts

kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."

how is this any different

[Dopefish_1]

from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

Why is this specifically a problem for dreamcasts?

[fo0bar]

They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)

Any computer

[SpelledBackwards]

But couldn't any computer capable of running Linux and sending/receiving network traffic be able to do this as well? I'd be suspicious of a Dreamcast box sitting in a cube connected to the network. I'm guessing that the only real reason they're focusing on Dreamcasts and not normal PC's are that they're very cheap to obtain and reconfigure.

Umm....duh!!!!

[Gorm the DBA]

"but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. " But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". No? Really? Wow...noone's had that idea since...ummm...the invention of the house.

Wondering again

[Flaming Foobar]

Almost all companies I have visited have had the opposite 'problem'. To get an Internet connection up n' running, you need to phone a sysadmin to patch the ethernet socket to the switch (most often, the spares aren't connected at all) and then give them a MAC address so the dhcp will give the box a legitimate IP address in the correct space. (Also, Dreamcast?? Suspicious, no?!)

- FF

Re:how is this any different

[Anonymous Coward]

Look around any office(s) and the office building itself and ask yourself how many places could a small computer be put that no one would notice for quite a while.

Any raised floor computer room under the floor tiles, it could be put in most drop down ceilings, there are just a huge number of places you could
place a box to do the job that would not very likely to be noticed for several months or years. Almost all of the places in question would have fairly simple access to network and power.

a reason to use plan 9

[rpeppe]

where i work, we use plan 9 [bell-labs.com] as a development environment - no NAT necessary. to get through to the outside world, you import the network interface from a gateway machine and use that. however, if an intruder wishes to do that, they must first break the strong authentication used by the import protocol...

so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.

Isn't it standard practice...?

[Kraegar]

To only have connectivity on actively used network drops, and keep all switches in secure closets? To plug in an unknown machine in our office you would have to unplug a known one, and someone's gonna at least notice their computer stopped working. Wouldn't take long after that to discover the switch had taken place. That could easily be circumvented with a machine acting like a silent proxy, but still makes it a tad more difficult. Don't other companies practice similar procedures?

Ok. Reality check folks.

[carlcmc]

IF ... someone can get in undetected and hook up a dreamcast in a few minutes, your security has already been breached. If your company has something it doesn't want people to access without authorization on the computer, they should have at least the same security focus for the building.

With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and tshirt with no name tag, I'm never stopped. I think thats the way it is in many places.

Because of the footprint and cost...

[digitalamish]

Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts. You could scatter them around to a few drops as backup. In addition, the footprint of the box is small, and you don't need a standard PC case. Who wants to buy a BookPC or a Cappucino (sp) only to lose it.

Other way to look at this would be for a handy ligitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
--
"That's Homer Simpson sir. One of your drones from sector 7G"

Wireless

[AlgUSF]

Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.

no, it wouldn't

[BlueboyX]

The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."

I laughed out loud when I read this. :>

Re:no, it wouldn't

[psxndc]

Um yeah, but if I were walking around my company and saw a laptop on a desk I would think "Oh, someone sits there". If I saw a dreamcast sitting somewhere I'd be like "WTF is a dreamcast doing here". A DC is waaaaaay more suspicious.

psxndc

Grab the BBA

[freeze128]

You can bet that I would at least grab the BBA out of it and sell it on ebay.... Those things are like GOLD.

Upcoming Technologies....expect them.

[Anonymous Coward]

This type of threat is something that people have been aware of for some time. DHCP doesn't care who is acquiring a lease unless you assign them on a MAC address basis. This itself is somewhat self defeating because its administratively prohibitive.

This was a challenge with the advent of 802.11 technolgoies until 802.1X Port based authentication came along. Users now have to authenticate just to obtain access at layer 2. This can be done via various forms of Extensible Authentication Protocols (EAP) such as EAP-MD5, EAP-TLS (Micorosft Certificate Based), Protected EAP, or LEAP (Cisco). 802.1X is an IEEE Standard, where EAP is an IETF derived standard.

Future network switches will require 802.1X authentication for wired connections just like our 802.11 wireless customers. No authentication, no access to the network! Servers or non-802.1X capable clients would require the individual switch ports to be configured with MAC Address filters to maintain security. A client successfully authentications via Layer 2 802.1X, then they acquire a Layer 3 IP address via DHCP.

I expect this to be confronting us very soon.

SoyBomb
http://www.the-space.net

Re:Because of the footprint and cost...

[earlytime]

If we assume for a moment that if you can get into the faciity undetected and place a device on the network, that it's not game over already......

why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. or put the dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. waterproof wireless backdoor.

Re:Wireless

[Matey-O]

Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.

Yeah, but if SSID broadcast is turned off, the suspect WiFi basestation would be kinda hard to detect.

Re:Wireless

[DrMaurer]

How regularly? The few admins I know are ran frazzled by lack of help dealing with normal, simple user complaints.

Of course, he'd notice a dreamcast sitting somewhere in the open, but under a desk, plugged into a network mini-hub? Hell, in the unlocked server closet, which also shares room with housekeeping stuff.

It's easy to say "any admin worth their salt" would do such-and-such, but sometimes that just isn't the case, not because they don't want to, but rather because they don't have the time.

When you get in at 6 in the morning and leave at 9 at night every night, are you really in the mood for staying an hour later and looking at the logs? Should he? Probably, but admins are human, and the man I'm thinking of isn't getting paid hourly.

Of course, he is my boss, and I just feel bad because I probably didn't work as hard as I should've. Maybe I should stop putting him down as a reference in my job search. Heh.

Re:Any computer

[topham]

Thats why I'm laughing at this whole thread.

I have a TINI (from Dallas Semiconductor) sitting behind me. I has an ethernet port, and serial port. Runs on 8 volts and is small enough you could put it anywhere. It was about $100.

On the other hand, a Dreamcast is about $50 (give or take) + 1 rare broadband adapter. Which boosts the price to $150-$250 for the device.

For $299 CANADIAN ($200 US?) I bought an XBox the other day. Gee, it has built in Ethernet, and, at the point when somebody fully cracks the bootflash could theoretically run Linux and do the same thing.

And have an 8gig drive to log data.

But I don't think that is a realistic use for an XBox either.

Re:Ok. Reality check folks.

[beebware]

In my experience, it's the case of if you look out of place you obviously aren't meant to be there. The "secret" is to look like you "belong" where ever and know exactly where you are going - I've walked round my old company at 10pm at night (it's a 24/7 factory) in 'skivvies' and no one questioned me, I've wandered around hospitals, office suites etc etc - all without questions asked. Ok, I may have had no idea where I was going, but as long as you don't look like that you can usually get anyway without question.

Re:how is this any different

[digitalsushi]

no, no. you dont wanna just sneak a laptop into a network... sneak it into another computer! If i wanted to mess another netadmin up... i could hide a smaller, fanless computer inside a larger computer. Then I'd figure some clever way to conceal the ethernet cable i just tapped. :) Come on, it would take half of you at least an hour to figure that one out.

Re:how is this any different

[ShawnDoc]

It seems like a lot of work to smuggle a Dreamcast into a building, try to find a unused port and power outlet in a place that it would not draw attention, and hook it all up.

Wouldn't it be easier to just make the same software run in the background under WindowsXX? Then all you would have to do is spend 30 seconds at someone's computer who has gotten up to get some coffee or is out at lunch, to slip the disk in and install and run the software.

I don't know, it seems a lot easier to me.

Re:Java-based disposable ethernet board!

[zmalone]

You cannot open promiscuous sockets from Java, thus making a TINI a poor choice for a portable packet sniffer. It looks like you could open connections outward from a TINI, circumventing many security systems. I have no clue whether or not ARP based sniffing requires a promiscuous ethernet adapter or not.

Re:Because of the footprint and cost...

[dohcvtec]

I know of a place where they have scads of 486 laptops for $5-$10. You can't get a Dreamcast for that cheap, much less the Broadband Adapter (NIC). You can get a PCMCIA NIC to go with your 486 notebook for $10. Besides, either way you have to get the hardware in the door. Neither the DC or a laptop are small enough to conceal when you're walking through the front door, but wouldn't you think carrying a Dreamcast into a company would attract attention, if not suspicion? Laptops are everywhere, and nobody will bat an eyelash if you're carrying one.

PC Bootable CD with BSoD display

[rick_busdiecker]

Since these guys are already doing bootable CDs, they could do one for a generic PC. Have it put up a VGA Blue Screen of Death [everything2.com] mock-up as early as possible and then target machines that look out-of-the-way and/or unused, especially older looking machines.

Lots of places that I've been have these sorts of boxes sitting around because they become unused gradually. I've seen machines like this display BSoD for weeks on end before anyone bothered to either reboot them or turn them off.

With this approach, the total leave-behind hardware investment is $0.25 for the CD-R.