Attack Of The Dreamcasts
kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified Dreamcast system running Linux, to sneak into an office building and stick it on a network drop and leave. The Dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and special bootable CD-ROMs for print servers and similar boxes. Just a reminder that our networks need to be as secure on the inside as they should be on the outside. Get the story here."
how is this any different (Score:5, Insightful)
Why is this specifically a problem for dreamcasts? (Score:4, Insightful)
Any computer (Score:2, Insightful)
Umm....duh!!!! (Score:3, Insightful)
Wondering again (Score:2, Insightful)
- FF
Re:how is this any different (Score:3, Insightful)
Any raised floor computer room under the floor tiles, it could be put in most drop down ceilings, there are just a huge number of places you could place a box to do the job that would not be very likely to be noticed for several months or years. Almost all of the places in question would have fairly simple access to network and power.
a reason to use plan 9 (Score:4, Insightful)
so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.
Isn't it standard practice...? (Score:3, Insightful)
Ok. Reality check folks. (Score:5, Insightful)
With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and T-shirt with no name tag, I'm never stopped. I think that's the way it is in many places.
Because of the footprint and cost... (Score:3, Insightful)
Another way to look at this would be for a handy legitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
--
"That's Homer Simpson sir. One of your drones from sector 7G"
Wireless (Score:4, Insightful)
no, it wouldn't (Score:4, Insightful)
I laughed out loud when I read this.
Re:no, it wouldn't (Score:3, Insightful)
psxndc
Grab the BBA (Score:2, Insightful)
Upcoming Technologies....expect them. (Score:1, Insightful)
This was a challenge with the advent of 802.11 technologies until 802.1X port-based authentication came along. Users now have to authenticate just to obtain access at layer 2. This can be done via various forms of Extensible Authentication Protocols (EAP) such as EAP-MD5, EAP-TLS (Microsoft Certificate Based), Protected EAP, or LEAP (Cisco). 802.1X is an IEEE Standard, where EAP is an IETF derived standard.
Future network switches will require 802.1X authentication for wired connections just like our 802.11 wireless customers. No authentication, no access to the network! Servers or non-802.1X capable clients would require the individual switch ports to be configured with MAC Address filters to maintain security. A client successfully authenticates via Layer 2 802.1X, then they acquire a Layer 3 IP address via DHCP.
I expect this to be confronting us very soon.
SoyBomb
http://www.the-space.net
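An added illustration, not part of the comment above or of any switch vendor's code: a simplified Python model of the admission order that comment describes, where an 802.1X port forwards nothing but authentication traffic until EAP succeeds and a non-802.1X port relies on a static MAC filter. Port names, MAC addresses and the event format are constructed for the example.

```python
# Toy model of per-port admission on an 802.1X-capable switch (added example).
# Port names, MAC addresses and event tuples are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

LAPTOP, PRINTER, UNKNOWN = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"

@dataclass
class Port:
    name: str
    dot1x: bool = True                    # port requires 802.1X authentication
    mac_allow: frozenset = frozenset()    # static MAC filter for non-802.1X devices
    authorized_mac: Optional[str] = None  # set on EAP success, cleared on link-down

    def admits(self, mac, frame_type):
        if not self.dot1x:
            return mac in self.mac_allow  # e.g. a print server with no supplicant
        if frame_type == "eapol":
            return True                   # authentication traffic itself is accepted
        return mac == self.authorized_mac # everything else, DHCP included, waits

def replay(port, events):
    """Feed constructed events to a port; return a verdict for each frame."""
    verdicts = []
    for kind, *args in events:
        if kind == "link_down":
            port.authorized_mac = None    # a swapped-in device must re-authenticate
        elif kind == "eap" and port.dot1x:
            mac, success = args
            port.authorized_mac = mac if success else None
        elif kind == "frame":
            verdicts.append("forward" if port.admits(*args) else "drop")
    return verdicts

def demo():
    desk = Port("desk-drop")
    printer = Port("print-server", dot1x=False, mac_allow=frozenset({PRINTER}))
    desk_log = replay(desk, [
        ("frame", UNKNOWN, "dhcp"),   # unauthenticated box asks for an address
        ("eap", UNKNOWN, False),      # it fails 802.1X
        ("frame", UNKNOWN, "dhcp"),
        ("eap", LAPTOP, True),        # staff laptop authenticates
        ("frame", LAPTOP, "dhcp"),
        ("link_down",),               # laptop unplugged, unknown box plugged in
        ("frame", UNKNOWN, "dhcp"),
    ])
    printer_log = replay(printer, [("frame", PRINTER, "ip"), ("frame", UNKNOWN, "dhcp")])
    return desk_log, printer_log
```

Calling `demo()` returns the per-frame verdicts for the desk drop and the print-server port; clearing the session on link-down is what keeps an authorized port from being inherited by whatever is plugged in next.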
Re:Because of the footprint and cost... (Score:4, Insightful)
Why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. Or put the Dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. Waterproof wireless backdoor.
Re:Wireless (Score:3, Insightful)
Re:Wireless (Score:2, Insightful)
Of course, he'd notice a Dreamcast sitting somewhere in the open, but under a desk, plugged into a network mini-hub? Hell, in the unlocked server closet, which also shares room with housekeeping stuff.
It's easy to say "any admin worth their salt" would do such-and-such, but sometimes that just isn't the case, not because they don't want to, but rather because they don't have the time.
When you get in at 6 in the morning and leave at 9 at night every night, are you really in the mood for staying an hour later and looking at the logs? Should he? Probably, but admins are human, and the man I'm thinking of isn't getting paid hourly.
Of course, he is my boss, and I just feel bad because I probably didn't work as hard as I should've. Maybe I should stop putting him down as a reference in my job search. Heh.
Re:Any computer (Score:3, Insightful)
I have a TINI (from Dallas Semiconductor) sitting behind me. It has an Ethernet port, and serial port. Runs on 8 volts and is small enough you could put it anywhere. It was about $100.
On the other hand, a Dreamcast is about $50 (give or take) + 1 rare broadband adapter. Which boosts the price to $150-$250 for the device.
For $299 CANADIAN ($200 US?) I bought an XBox the other day. Gee, it has built-in Ethernet, and, at the point when somebody fully cracks the bootflash, could theoretically run Linux and do the same thing.
And have an 8gig drive to log data.
But I don't think that is a realistic use for an XBox either.
Re:Ok. Reality check folks. (Score:3, Insightful)
Re:how is this any different (Score:5, Insightful)
Re:how is this any different (Score:3, Insightful)
Wouldn't it be easier to just make the same software run in the background under WindowsXX? Then all you would have to do is spend 30 seconds at someone's computer who has gotten up to get some coffee or is out at lunch, to slip the disk in and install and run the software.
I don't know, it seems a lot easier to me.
Re:Java-based disposable ethernet board! (Score:1, Insightful)
Re:Because of the footprint and cost... (Score:2, Insightful)
PC Bootable CD with BSoD display (Score:2, Insightful)
Lots of places that I've been have these sorts of boxes sitting around because they become unused gradually. I've seen machines like this display BSoD for weeks on end before anyone bothered to either reboot them or turn them off.
With this approach, the total leave-behind hardware investment is $0.25 for the CD-R.