Forgot your password?
typodupeerror
Security

Wartrapping? 266

Posted by michael
from the arms-race-just-getting-silly-now dept.
netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"
This discussion has been archived. No new comments can be posted.

Wartrapping?

Comments Filter:
  • by VVrath (542962) on Thursday October 10, 2002 @09:35AM (#4423285)
    I'm guessing the submitter wasn't thinking of Winnie the Pooh...

    Liam
    • If you read the article you see that that's the suggestion. I'm thinking more along the lines of a bee smoking a joint..."honey" "pot".
    • by chegosaurus (98703) on Thursday October 10, 2002 @10:19AM (#4423624) Homepage
      then may I suggest p00h as a honeypot symbol?
    • Re:Honeypot Symbol (Score:3, Informative)

      by Archfeld (6757)
      I think the original honey pot meaning (latrine, john, bedpan) fits much better for this topic.... If I drive by and my wireless card finds and gets accepted on your network..TOO F'N bad, you should try some security. Now if I then use that connect to try and hack into your systems then they should pursue me to the fullest extent of the law. What is the policy if I request a bootp/dhcp on the net and someone answers, my fault or theirs ? If you leave your front door wide open and a neighbor comes over and uses your bathroom, then leaves is it a crime ?
      • If you leave your front door wide open and a neighbor comes over and uses your bathroom, then leaves is it a crime ?

        Uh, trespassing? If I go around and try and bilk old ladies out of their retirement funds, is that a crime? Just because people are gullible and stupid (unsecured networks) doesn't make it your right (or make it legal) to take advantage of that.
  • Huh? (Score:4, Interesting)

    by Ed Avis (5917) <ed@membled.com> on Thursday October 10, 2002 @09:36AM (#4423298) Homepage
    I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?
    • Re:Huh? (Score:2, Interesting)

      by paranoos (612285)
      If all Wi-Fi cards had a mandatory GPS system reporting their location, then an office with a large access area could cordon off their building by walking around with a device that will trace a GPS line around the network, and not allow access to anybody outside.

      The one thing this doesn't solve is if a company residing in a suite doesn't want to share their network with ABC Corp upstairs. In that case, they may be able to string copper wire in the ceiling as a "shield".

      • Re:Huh? (Score:2, Interesting)

        The one thing this doesn't solve is if a company residing in a suite doesn't want to share their network with ABC Corp upstairs. In that case, they may be able to string copper wire in the ceiling as a "shield".

        Actually, GPS provides altitude, as well as position. So you're all set--no floor and ceiling shielding necessary.

        • Re:Huh? (Score:2, Interesting)

          by EatHam (597465)
          Actually, GPS provides altitude, as well as position...

          Unless you can't see enough satellites. Which has been my experience in many office buildings. Maybe my GPS is a POS, but unless it's right next to the window, or outside, all the concrete and whatnot block the signal. So I wouldn't want to trust my network access to that kind of spotty coverage.
      • Re:Huh? (Score:5, Interesting)

        by Egoine (22800) on Thursday October 10, 2002 @09:57AM (#4423470)
        "If all Wi-Fi cards had a mandatory GPS system reporting their location"

        Yeah right. Like someone who would want to use your network wouldn't lie about his position (by hacking the card, driver,etc..). Maybe non-trivial, but once one guy does it, he gives the recipe.

        When modems began to be deployed, corporations wouldn't even ask a password to be connected. Just dial the line. This is equivalent of the now unsecured wireless networks. Your solution would then have been to only allow some phone numbers to dial in. Not that bad, but asking for a password is probably simpler and better.
      • Re:Huh? (Score:3, Interesting)

        by bobKali (240342)
        Yea, that'd be about as effective as using MAC addresses for authentication. It's not like anyone would be able to spoof their GPS location.
      • Re:Huh? (Score:5, Informative)

        by gorilla (36491) on Thursday October 10, 2002 @10:15AM (#4423588)
        GPS doesn't work indoors. GPS doesn't work when there is an object between the receiver and the satellites. GPS doesn't have the accuracy to give a precise line at the edge a of a building.

        Stop thinking of GPS as a magic solution to all problems involving knowing where you are. It's good, but it's not that good.

        • Re:Huh? (Score:4, Insightful)

          by jpellino (202698) on Thursday October 10, 2002 @04:41PM (#4427265)
          Well, with my Garmin eMap and my iBook WiFi'd to a differential GPS server, I've gotten resolution down to 1.5 feet while walking around on campus. So the resolution can be good enough, though it may not be so in concrete canyons, etc. They could potentially set up a check, but I could then massage the GPS data (it's a very simple very public data stream) to send a spoofed location (kripes I could do this in HyperCard with cool 3-d NSEW slewing buttons! or better yet a cartoon "Feathers McGraw" driving a cartoon radio controlled "Wallace" into the building proper...).

          Or they could just secure the thing with ACLs, secure transactions, etc. - in short everything else that can be done that doesn't involve a pair of sneakers. Sure beats jogging through the building every so many hours with a preciously configured laptop.

      • Re:Huh? (Score:3, Informative)

        by WildBill1941 (187641)
        The problem with GPS is that it's easily shielded. I've yet to see a GPS receiver that works indoors - which is where 90% of Wi-Fi usage happens. The GPS signal is pretty weak - even though the satellite pumps out a signal with approximately 500 watts of Effective Radiated Power, there is enough loss in the path (app. 21000 km) that the signal is fairly weak by the time it gets to your ground-based receiver. Add this to the fact that most ground-based receivers have pretty crappy antennas (and a Wi-Fi/GPS combo unit would, too - unless you wanted it to be HUGE), and you can see how basing your "perimeter" on GPS coordinates is impractical.

        Looks like GPS will remain in use for wardriving - since you're outside with a clear view of the sky it works just fine for that. :)

        If you're interested in more GPS facts, check out this Google Cache [216.239.35.100] - I don't want to slashdot the main site.

    • Re:Huh? (Score:5, Interesting)

      by Zeinfeld (263942) on Thursday October 10, 2002 @09:53AM (#4423440) Homepage
      I don't get it, why not just configure your network not to hand out IP addresses to anyone who asks? Does this wireless thing have no security at all?

      The problem is that they called the security scheme Wired Equivalent Privacy, thus botching the job from the start. They failled to understand that the big difference between a wired and a wireless network is access control, you can bypass the guard at the gate.

      This proposal appears to be macho bullshit rather than serious security. First off most people who are warchalking just want to download their email. So while it is great press to demonize them don't make a big issue.

      Secondly it is very easy to apply a layered security solution. You can use IPSEC or 802.1x with a bunch of other stuff.

      The bugs in WEP have been known for some time and the people doing the next generation crypto security know what they are doing. Incidentally the 802.11 working group knew about and was fixing the bugs before Stanford put out the report. A small company up in Redmond Washington had decided to make 802 available throughout their campus (sounds like a directive from his Bill-ship). Before deploying their crypto people had a look at the security of WEP and went AGGGHH!

      I found out about this because I tried to contact Big-Softie after hearing about the WEP problems at a cipherpunks meeting. Working out how to fix a problem like that without having to replace every card is really hard.

      Point is that nobody should be using honeypots until they have actually deployed decent crypto security. And you should protect the honeypot as closely or almost as closely as the real network.

      Rather than messing with this stuff why not just put up a courtesy 802.11b network with a net ID of 'OPEN123' or something, plug it into your network so that it is outside the firewall and set throttles so that nobody can use too much bandwidth. Then people who just want to downlod their mail can get it.

      I keep trying to persuade folk that we should do this sort of this in the base infrastructure, Access points should offer a guest mode as standard with appropriate limits, say no more than 20Mb of guest use per hour.

      • Re:Huh? (Score:2, Insightful)

        by MoreBeer (91936)
        For the most part, I agree with your theory that most wireless users (be they wardrivers, casual corporate users, or geeks trying to check up on slashdot) aren't threats, one needs to take into consideration crackers.

        If I'm a malicious cracker and I'm out wardriving around, I find an unprotected network. Sure, I may not care about the corporate resources on _that_ network I'd have to IPSEC to, but what about other networks? I've gained access to Corporation XYZ's WLAN, why don't I start rooting boxen on other networks? They're going to trace it back to XYZ's netblock, and potentially pursue legal action. As the security architect for XYZ, I would have no option to view my deployment as criminal negligence. Sure, my internal net is protected, but crackers are sullying my good name by using my network to attack others. What if the cracker decides to use my WLAN to attack my strongest competitor? Do I drop an IDS on the WLAN? Now I've spent more time/money/resources in babysitting my open WLAN than properly introducing (be it weak) WEP and (be it also weak) registered MAC addresses.
        • Re:Huh? (Score:4, Informative)

          by walt-sjc (145127) on Thursday October 10, 2002 @10:53AM (#4423837)
          It's actually quite simple to fix this. If you want a secure WLAN, put it off a leg on your firewall, require ALL traffic to be IPSEC to the IPSEC server. Deny ALL non-IPSEC traffic on that leg.* I see no reason to have an open WLAN unless you WANT an open WLAN.

          * Obviously, you need a dhcp server handling that leg so it's not quite ALL traffic, but you can really restrict what that leg can do, how it's logged, etc.
        • Re:Huh? (Score:2, Informative)

          by iamacat (583406)
          There are quite a few places that let you access Internet anonymously - libraries, corporate networks (as far as employees are concerned), anonymizer.com, prepaid ISPs, prepaid cell phones etc. Some of them are even specially designed to be untracable. And unless I am very mistaken, they have never even been asked by law enforcement to shutdown their access, only to cooperate in tracing a particular person. In this case, I can just ask a cop to come to the same parking lot and then he will have the same access to all the wireless traffic as I do. As an added advantage, the person to be arrested and his incriminating notebook can be both found nearby.
        • I've gained access to Corporation XYZ's WLAN, why don't I start rooting boxen on other networks? They're going to trace it back to XYZ's netblock, and potentially pursue legal action.

          Again I think we can fix this. The next generation of WiFi chips will have certs built into them so they will not be completely anonymous. They will however be anonymous in that it will not be possible to conduct traces without a huge and highly visible infrastructure to allow the trace.

          Again the reason why I propose caps is because of the likes of SPAMing scum. However there are other ways arround that.

      • Re:Huh? (Score:2, Insightful)

        by budalite (454527)
        why not just put up a courtesy 802.11b network with a net ID of 'OPEN123'....Then people who just want to downlod their mail can get it. Are you really that simple? Sure, while you're at it, let people use your fridge, oven, bed, clothes, and your bathroom when you're not 'actively' using them. How selfish can you be! Hey, while you're asleep, let 'em use your car. You probably should put your home computer out out in front of your front door during the day while you are at work and while you're at home sleeping. Hey, you're not using it. Now, tomorrow's class is learning to see what is beyond the end of our noses! (Unbelievable.)
        • Re:Huh? (Score:3, Insightful)

          by Zeinfeld (263942)
          Are you really that simple? Sure, while you're at it, let people use your fridge, oven, bed, clothes, and your bathroom when you're not 'actively' using them. How selfish can you be!

          Man, don't be such a bread head. You use technology that I invented and gave away for free every day of your life and you don't even know you are doing it.

          Seriously, I have a WiFi connection in my house. If someone passing by wants to download their email that is fine with me.

          If someone comes to our corporate offices and wants to download their email or send a presentation or whatever that is also fine.

          Of course you get people who abuse the hospitality on offer which is why I propose use caps.

          Funny thing is that I have done a lot better not worrying too much about money than the folks who think of nothing else. Thing that most disappoints me about having my stock price in the crapper at the moment is not the fact that I can't afford to buy Blandings Castle [apleyhall.com] at the moment, I am much more concerned that I can't just write a check to build a hospital or school in Afghanistan. Still in five years from now I'll be doing fine and you will still be a breadhead loser who thinks only about what you shoulf receive and not about what you might give.

      • by Gerry Gleason (609985) <(moc.nosaelgdlareg) (ta) (yrreg)> on Thursday October 10, 2002 @10:48AM (#4423806)
        Good points. I'm not up on the details of WEP, but I think I understand what you are getting at. For wired corporate (and other) networks, the basic paradigm is to physically secure the facility and make the gateway points secure with firewalls and such. With wireless, you don't have physical security anymore becuase you don't know exactly where the node is.

        This also relates to discussions about cooperative wireless mesh networks. If you want people to volunteer to share their wireless node with neighbors, you have to provide a box that enables it to be done safely. If the design isn't rock solid and foolproof, all it takes is a little FUD to damage the necessary trust that makes people feel ok volunteering.

        The idea of placing an access point outside the wired network is probably the correct solution given the claimed weaknesses in WEP, and it might save you from replacing all those cards immediately. If I was proposing adding wireless access to a corporate or educational campus, I would propose this exclusively. No access points inside the gateways, and access the internal network resources as if you were coming in from outside. If you use a VPN solution for telecommuters, the same would work for wireless access. Now you have end2end security on your external people, and whatever your policy is about sharing out some bandwidth for free, it's more like giving a free drop to a nonprofit down the hall. You'd just hook them up to your external router with no internal access.

        There was also a small comment in the interview with Vint where he says that he wishes they had designed in access controls for each node from the start. This would probably be a big help here as well as with problems related to IP spoofing and such. Perhaps IPv6 would be an opportunity to get this in, but if it isn't in the spec yet (anyone know?), it's probably too late.

  • by DaedalusLogic (449896) on Thursday October 10, 2002 @09:37AM (#4423305)
    )( :-(

    or

    )NO!(

    Or failing that a picture of a fat bear with handcuffs being lead away by the brain police. Damn you Pooh bear...
  • How the heck (Score:5, Insightful)

    by Sergeant Beavis (558225) on Thursday October 10, 2002 @09:37AM (#4423309) Homepage
    is this really gonna make a difference? Ok, they know you're connected, they know your IP address. So what? How are they going to actually track you down? Then what? Call 911? Interesting article but the ramifications are still unclear.
    • Re:How the heck (Score:5, Insightful)

      by netphilter (549954) on Thursday October 10, 2002 @09:52AM (#4423431) Homepage Journal
      I think the goal has less to do with actually catching the attackers and more to do with analyzing their attack methods. Traditionally the purpose of a honeypot is not to apprehend the attacker or even detect attacks (we have IDS' for that). The purpose is to analyze the methods that attackers are using to get into the networks to try to figure out ways of mitigating the attacks. Honeypots have been very effective in detecting new attacks and even new attack tools that otherwise would have taken much longer to actually find and deal with.

      In this way I think that Wi-Fi honeypots could be VERY effective. Given the inherent insecurity of the protocols being used, any data that could be used to develop better standards is definitely welcome.
    • Ultra secure WinXP will be happy to hand out all your base so you can be blacklisted. Yeah:

      Valuable WinUSER

      1069 Penn Ave, Washington DC.

      (100) 555-1069

      192.168.1.1

      Press 1 to recieve list of all songs and movies ever watched on this PC.

      Press 2 to recieve social security number

      Press 3 to recieve mother's maiden name

      Press 4 to be authenticated as vendor with power of attorney for Valuable WinUSER.

      Press 5 to spam.

      Oh wait, 192.168.1.1 is a local IP. Bill, you need to store medical records so we can cross reference the social security number with the real ISP, thanks.

    • Re:How the heck (Score:2, Interesting)

      by Anonymous Coward
      The point is to see just how many people do try and connect to it, and what level of access those who do connect try to get.
      It's basically just an intelligence gathering device then. If in a month all of 4 people try to connect, and all they do is surf the web or something, then there isn't any point on that office spending thousands protecting the network, but, on the other hand, if half of London is loging on, trying to gain as much access as they can, then it might be worth actually trying to do something about it.
      It's not designed to catch people at it, just determine how much a problem it actually is before taking further action.
  • Honeywagon (Score:3, Funny)

    by sfled (231432) <sfled.yahoo@com> on Thursday October 10, 2002 @09:38AM (#4423311) Journal

    What they use to put all the crap in...
  • by seangw (454819) <seangw@nOsPAM.seangw.com> on Thursday October 10, 2002 @09:38AM (#4423317) Homepage
    Imagine a distributed network of Wi-Fi honeypots taking in unique ID's, and distributing a "do not provide access" list to it's corporate subscribers.

    Things could get sticky.
  • Old news (Score:3, Informative)

    by lnxslak (524709) on Thursday October 10, 2002 @09:39AM (#4423327) Homepage
    This exact same story was on net-security.org yesterday. If you would like more information about this topic go to this story @ net-security.org [net-security.org].

  • Send it [ogi.edu] into the building to disable the honeypot laptop.... It can use its onboard signal strength meter to search for it and then with some onboard weapons in the Mark II version (remember its a DARPA project....) BOOM!! no more honeypot...
  • I don't (Score:4, Funny)

    by Apreche (239272) on Thursday October 10, 2002 @09:40AM (#4423331) Homepage Journal
    think that there's a warchalking symbol for a honeypot. I think that writing SANDERS in really poor backwards handwriting is good enough. /me hopes people aren't lame, and they get the joke
  • Hackers? (Score:5, Insightful)

    by PygmyTrojan (605138) on Thursday October 10, 2002 @09:40AM (#4423333)
    where hackers outside an office gain access to unsecured wireless access points

    I wound't call em hackers, just opportunists.

  • A honey pot is slang for a vagina as well as a computer used to trap misfits. I think and femal genetalia related symbol would do nicely.
  • Good (Score:3, Insightful)

    by PhysicsGenius (565228) <physics_seeker@y a h o o . c om> on Thursday October 10, 2002 @09:40AM (#4423337)
    When we see articles about automatic shutoff switches for stolen cars set out as bait for the criminal element, everybody here thinks it's a great idea. When we see the exact same idea applied to people who do illegal and unethical things with computers, suddenly it's all about "freedom".

    Well, I for one am glad that we are going to see a crackdown on today's tech-obsessed miscreant.

    • Yeah, because depriving someone of their automobile is strictly analagous to temporarily depriving them of some bandwidth. In fact, I'll take a cue from GWBush, who can't differentiate between Saddam Hussein and Usama Bin Laden, and say that I can't differentiate between burning your house down and drinking from your water fountain. It's practically the same thing.
    • Re:Good (Score:5, Insightful)

      by Mike Schiraldi (18296) on Thursday October 10, 2002 @10:49AM (#4423820) Homepage Journal
      Um, plenty of people intentionally provide free wireless access to the public. Nobody intentionally makes their car available to be stolen. People who find the honeypot may be innocent white hat people who just want to check their damn email. People who steal a car have no such excuse.

      Additionally, taking someone's car is stealing -- you deprive them of the car. Using someone's bandwidth is likely not, unless you use so much that they can't get their work done.
    • > When we see articles about automatic shutoff switches for stolen cars set out as bait for the criminal element, everybody here thinks it's a great idea

      Actually, this starts to become entrapment, if cops purposely leave this car with its doors open and hang around the corner waiting for somebody to bite.
  • by ites (600337) on Thursday October 10, 2002 @09:41AM (#4423343) Journal
    Than exposing your network and then trying to catch people who break in.
    Since even a secured wireless network can be broken into in about 30 minutes,
    it makes more sense to treat the wireless network as an external network.
    All accesses to the 'real' internal network then go through the firewall as if they came from the Internet.
    Doing anything less than this seems to be courting danger.
    • Um, they aren't exposing their network. They are setting up a laptop which acts as a WAP (wireless access point) but is in no way configured to connect to their intranet.

      They are measuring how much (unauthorized)activity occurs at the access point.
  • WarSTUPID (Score:4, Interesting)

    by Anonymous Coward on Thursday October 10, 2002 @09:41AM (#4423345)
    Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

    Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

    And don't even get me started on the idiotic term "Wi-Fi"...
    • war & wi-fi (Score:5, Informative)

      by Erpo (237853) on Thursday October 10, 2002 @10:02AM (#4423506)
      Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

      Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.

      If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.

      Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

      As far as I know, wardriving is the only war* term related to 802.11 technologies.

      • Re:war & wi-fi (Score:3, Informative)

        by mooman (9434)
        As far as I know, wardriving is the only war* term related to 802.11 technologies.

        Uh.. Wardriving, warchalking, wartrapping, warwanking...

        He's got a point...

      • Ya know, I was just thinking the other night how people need to accept wardriving wether they like it or not. Physical proximity on an open 802.11 network is very much so like dialing a point to point link; you should see me in my basement trying to get access to my wireless access point on the third floor- I move a foot to the left, check signal strength, bring the laptop up, check strength, then down, check strength, until I find a spot where I can get good enough reception. lather rinse repeat.

        The only other term I could think of would be involve grep, however that implies a more sequential search and regular expressions.
      • As far as I know, wardriving is the only war* term related to 802.11 technologies.

        Uhhh, well "warchalking" was being used well before "wardriving." So that's at least one more.
    • Re:WarSTUPID (Score:4, Informative)

      by tweakt (325224) on Thursday October 10, 2002 @10:17AM (#4423606) Homepage
      Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers.
      The "War" prefix is from the movie WarGames [imdb.com] (1983)

      The dialer program [lycos.de] in the movie, and ones like it which people made, got nicknamed "War Dialers".

    • "Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now."

      Your warpost makes an excellent warpoint.

  • Idiots... (Score:5, Insightful)

    by RealBeanDip (26604) on Thursday October 10, 2002 @09:44AM (#4423360)
    "The service already has six customers but, as with most such services, they are not keen for their names to be made public."
    Because they're idiots, that's why.

    It is quite possible to do wireless without opening up your entire company network. Just like it's possible to NT networking securely.

    The problem is for the most part there are idiots in control of the corporate IT that have impressive MS certifications after their names but don't know diddly squat. This quote:

    "It needs a beautiful user interface," he said.
    proves it and let's us know who they plan on selling to.

    And just what is it they plan to do when they get people logged into their honey pot? Call the police? Oh man please.

    • Re:Idiots... (Score:3, Insightful)

      by mccalli (323026)
      Because they're idiots....This quote: "It needs a beautiful user interface," he said. proves it

      Why? Why on earth would wanting a good user interface make you an idiot? You'd prefer a bad user interface?

      Cheers,
      Ian

  • This is ridiculous (Score:5, Insightful)

    by McCart42 (207315) on Thursday October 10, 2002 @09:44AM (#4423361) Homepage
    I've always believed that flat out good security was a much better solution than trying to eliminate all who would probe your security. Take for instance firewalls that claim to "track down attackers"--I don't care about that. Anyone with half a brain can get an IP address from their firewall logs. All I want is a firewall that locks down all unused ports, and offers program-specific access settings. This stops most portscans and worms. The idea of a honeypot may be important in certain cases, i.e. when very clever hackers have been found invading networks, even after they were secured well. But an ounce of prevention (locking down your wireless network in the first place) is worth a pound of cure (honeypots).

    OT, does anyone know of a Netstumbler-like tool that works with the Toshiba e740's built in Prism wireless card?
    • by nuxx (10153)
      Honestly, the best thing to do is get yourself a Linux partition and use Kismet [kismetwireless.net]. It's very simple to set up, works with almost any card, and has far more features than Netstumbler. Hook it up with a GPS and you'll be making maps, etc.

      It also is completely passive (so most likely legal, since 2.4ghz is a public band with no regulations on it) and anything it hears, not just AP broadcasts, are logged. You can drive around, then throw Ethereal up and see what data you happened to grab. All completely passively.

      Check out the kismet site [kismetwireless.net] for more information. Here [nuxx.net] is a map I made of downtown Ann Arbor. No intrusions were performed, SSIDs are purposefully left off the map, and the colors are completely arbitrary. I'm interested in what is where. Not using other people's bandwidth/networks.
  • by Anonymous Coward
    maybe instead of a symbol we could put a nest of killer bees near the point and then that would be the form of security too. :-)

    -(|||) - is that a honey pot symbol?
  • Hahah (Score:5, Insightful)

    by Lan-Z (148249) on Thursday October 10, 2002 @09:45AM (#4423379)
    There is no way to "catch" someone with a modified satellite dish and hitting the AP from 2 miles away. At the most they have is my MAC address, hah, or what they think is my MAC address.

    Not all people accessing wireless networks drive up to the front door.
  • I think many corporate IT people are instinctively scared of anything "free". This looks like a lame effort to sell a new "service" to these suckers.

  • A Much Better Idea (Score:5, Insightful)

    by mosch (204) on Thursday October 10, 2002 @09:46AM (#4423384) Homepage
    I understand that network security is important, but this device doesn't provide network security. It's a research tool for security firms that can help provide data that will help sell security services (assuming that it does, indeed, turn up some illicit activities).

    If you want wireless security, take your WAP and plug it into a spare interface on your firewall, or whatever hardware you're using to do your VPN. Now send out a memo saying 'We now have wireless access. In order to use the wireless access you'll need to use that VPN software that we gave you so you could work from home'.

    Only accepting authenticated IPSec connections is going to do a hell of a lot more good than getting useless statistics on how many people wanted to hit google while sitting in that park half a block down the street from your office.

    • this device doesn't provide network security.

      Ture.
      It's a research tool for security firms that can help provide data that will help sell security services

      False. It's a research tool for security firms that can't provide security because their clients insist on using insecure software like Microsoft Windows TM. I imagine the silly thing will disrupt legitimate corporate communications and collect a bunch of usless "Valuable user at 192.168.1.1" information.

      As you seem to suggest, the only way to secure your wireless network is to treat it as an external insecure network. The streams must be encryped (WEP no good) and the connections must be authenticated. If you don't do that you just might end up with half your NT admins in the park accross the street.

      If you just hand out IP addresses and service to anyone who walks by, you can expect people to take it. They might as well put PCs on the street and then complain when people stop and surf or play solitair. Duh, what will they think of next, trying to secure bags of money in the lobby with nerve gas?

  • I recently worked at a large government organization (in Canada if it matters). The particular organization held a lot of information classified secret. It was all stored on a password protected mainframe that users accessed through telnet.

    Well, someone had liked the idea of setting up wireless networking for a group of users in the building. The admin who installed the system simply used MAC address authentication as the only security on the WLAN. They only had so many wireless nics, so they simply added those addresses.

    The problem here is that the admin did not realize the security hole he had just opened, as we all know that mac addresses offer no security at all. Though the wireless network I was able to capture plaintext telnet sessions, which included logins and passwords, and I could gain mainframe access from my car in the parking lot. (BTW, don't attempt these types of activitys without your employers permission).

    If the admin had done his homework he would have at a minimum turned on WEP (although it is not secure either, but before the crack was out it was thought to be). Finnaly I convinced them to start using the built-in LEAP authentication and a RADIUS server, as well as limiting the access that users could have with their wireless nics (ie, no telnet access though the wireless). With simply a little deeper look into the security aspects of 802.11, the admin wouldn't have opened the huge security hole in the first place.

  • by BoBaBrain (215786)
    Darn those gansta boyz. Is nothing too taboo for their cutting edge lyrics?
  • by pwagland (472537) on Thursday October 10, 2002 @09:47AM (#4423394) Journal
    Although I'm sure that I've heard of this somewhere before,

    Maybe it was here.... [slashdot.org]

  • Although I'm sure that I've heard of this somewhere before,
    oooh, I don't know... maybe the Secret Service [slashdot.org]
  • It should be EASY (Score:5, Interesting)

    by newestbob (589866) on Thursday October 10, 2002 @09:50AM (#4423415) Homepage Journal
    to sit in an airport or a starbucks with a hidden laptop + 802.11 card that presents a welcome screen that LOOKS LIKE some pay-per-use internet access point.

    I would never use one of those airport systems because ANYONE could be spoofing it. There could be someone sitting next to me with a laptop in his suitcase.

  • It is good that someone tries to chart this problem. At least it makes big corporations aware of the problem with wireless systems and the security issues associated with them.
    I like the idea of wireless internet access everywhere, but not though stealing bandwidth of some business with bad security. I feel very bad for the companies being hacked and abused because of the bad security of the wireless solutions they use.
    It surprises me that no-one thought of this before the technology was launched.
  • would be for a pair of parentheses () with a zigzag line down the middle, like a closed beartrap viewed from above.
  • Alternative 1:

    1. Buy the honeypot from this Van Strien fellow, packaged as "a security tool for corporate Wi-Fi users" with "a beautiful user interface". Estimated cost: _____
    2. Maintain it. Estimated cost: ______ per month.
    3. Keep someone on the payroll to watch for suspicious activity. Estimated cost: _____ per month.
    4. When suspicious activity is found.... um... what exactly do you do then?

    Alternative 2:
    1. Let laptop users connect through Wi-Fi to the company's VPN server, just like the road warriors. Nothing except this server is accessible through the wireless network. Estimated cost: _____

    Would anyone fill in the blanks for me? I want to see which one is more cost-effective.
    • by sql*kitten (1359) on Thursday October 10, 2002 @10:12AM (#4423570)
      1. Buy the honeypot from this Van Strien fellow, packaged as "a security tool for corporate Wi-Fi users" with "a beautiful user interface". Estimated cost: _____
      2. Maintain it. Estimated cost: ______ per month.
      3. Keep someone on the payroll to watch for suspicious activity. Estimated cost: _____ per month.
      4. When suspicious activity is found.... um... what exactly do you do then?


      You forgot:

      5. Profit!
  • by alexjohns (53323) <almuric.gmail@com> on Thursday October 10, 2002 @10:03AM (#4423510) Journal
    Driving around and finding unsecured wireless access points is not illegal. There's no reason to make it illegal. If you don't want people accessing your network, secure it. I have yet to see an article about anyone driving around, finding a secured wireless network and then trying to break in. What's the point? OK, fine, if you're stealing something or trying to find insider information, yeah, that's illegal.

    For those of us looking for wireless acess, we just want to check email and check a few web pages. There's no way of telling whether a unsecured wireless network was deliberately unsecured to allow people to access the Internet, (like many people and some businesses - notably, Starbucks - do) or whether it was left unguarded due to ignorance, laziness, or boneheadedness.

    If you find people accessing your network and you don't want to share, lock it down. What's the point of a honeypot? To find all those roving bloggers on park benches, obsessively updating their fans on the minutiae of their lives? What are you gonna do when you find them? Slap them on the wrist?

    Doesn't everyone realize that this is the future? Unfettered access to information, whether you're in line at the DMV, at the park with the kids, Saturday morning soccer, whatever. What other technology is going to bridge that last mile? Nobody's putting fiber down in my neighborhood. Wireless seems like the best option for fast, ubiquitous acesss to me.

    • Technically, this is not the future. This is the present.
    • Yeah, and there's nothing wrong with going around testing doors to buildings to see if they're unsecured because, after all, some buildings are public. Then, if the door's unlocked, it's okay to go in because, after all, an unlocked door means that the building is public, right?

      Here's a clue: just because you can do something, doesn't mean that you should do something whether it's legal or not. In this case, not.

      • Bad analogy. Really, really bad. It depends on whether there's any expectation of privacy. Here's some other examples:

        You walk into a large public restroom. Is it illegal to bend down to see which stalls you can see people's feet in?

        Is it illegal to look at pretty girls (or boys) on the beach? It would be illegal to try to look at them in a dressing room or in their bedrooms, but if they're in public, is it illegal?

        If I'm walking down the hall in a hotel, is it illegal for me to look into a room where the door is open? If the door's open, there must not be much of an expectation of privacy at the moment. I don't have the right to walk into that room or to open any closed ones, but I can look to see which ones are open, can't I? And if it's open, I can see inside, right?

        The way I see it, it's all just electromagnetic radiation. If you don't want people to see you naked, wear clothes, close the door, whatever. If you don't want people to access your wireless network, use access controls.

        The trouble with it all is that some people DO put up public wireless networks. How will you find them if it's illegal to search for them? It's pretty friggin' easy to turn on the basic WEP encryption and not allow people in. The fact that it's insecure and can be easily broken is beside the point here. If there's even rudimentary safeguards against public use, you assume it's private. Otherwise, it's public.

        The world you live in would have no wireless access for the masses (because, evidently, you're not allowed to find the access points.) That's a world I don't want to live in, unless you've come up with another way to get fast net access on the go.

        • by kmellis (442405) <kmellis@io.com> on Thursday October 10, 2002 @04:19PM (#4427059) Homepage
          It's not a bad analogy, it's entirely appropriate. There's nothing wrong with receiving the EM that's being sent out by a WAP, but connecting to the WAP is like trying the front door (which is arguably not an intrusion), and using it is like going inside and cooking up a meal (which is undoubtedly an intrusion).

          I'm getting really damn tired of the obtuseness of so many people that bend over backward to justify network intrusions. I don't get this fetish over the fact that it's broadcast over EM. So what? You don't need a freaking wire to connect. Otherwise, it's the same as any other network. And, on any other network, you are not presumed to have a right to access network assets you have not explicitly been explicitly been granted, regarldess of whether it's been secured. If someone has their permissions screwed-up on their shell account on some machine, you still don't have a right to go accessing their files. If, as once was common, you find that with your spiffy new cable modem there are suddenly thirty machines in your "Network Neighborhood", you still don't have a right to access those shares, if any. Permission has to be explicitly granted. If you haven't been explicitly given permission to use a WAP, then you are breaking the law by using it.

          This isn't about "worlds". I, too, want to live in a world where there are public access wireless networks, just like I want to live in a world where there are public restrooms. The answer isn't to proclaim that all unlocked restrooms are (or should be) presumed "public", but to presume that all restrooms are private unless explicitly labeled as "public". A more thoughtful technology would use a protocol that can explicitly mark a WAP as being public. Until then, it's invasive, self-serving, unethical, and illegal to use a WAP that you don't have explicit permission to use. It just doesn't matter whether it's secured or not. Under the rule of law, the responsibility isn't on the potential victim of an injury to protect themselves from it (such as locking your doors), it's on the perpetrator to not inflict the injury. This marks the difference between the sort of society where the strong are encouraged to prey upon the weak and a society where every human being is presumed capable of moral choice--the onus is on them to choose correctly.

          Your restroom analogy is very poor because the whole of it is in the context of a public place. A public restroom is explicitly public. Any random unsecured WAP is not. It's merely unsecured. So, you can "look" under the door, but it doesn't matter because, no matter what, you don't have a right to go in.

  • New name? (Score:2, Insightful)

    Airscanning? Scannetting? Scandriving? Probing? WiScanning? AirSniffing? Airdunking? AirPorting? AirProbing? ScannerDriving?

    • Airscanning? Scannetting? Scandriving? Probing? WiScanning? AirSniffing? Airdunking? AirPorting? AirProbing? ScannerDriving?

      Sniffing for an air biscuit!
      Packetmunching.
      Tasting the Ether.
      Looking for someone peeing into the wind.
      Lilypad hopping.

      SD
  • by wherley (42799) on Thursday October 10, 2002 @10:15AM (#4423584)
    Mentioned one month ago here [slashdot.org] on slashdot this fakeAP software [blackalchemy.to] sends out lots of 802.11b beacon message with different SSIDs. Hide in the noise for the good it will do you.
  • I do not get it. (Score:5, Insightful)

    by pclminion (145572) on Thursday October 10, 2002 @10:17AM (#4423604)
    If these companies are willing to spend the money and effort to set up a honeypot, why aren't they willing to spend the money and effort to secure their wireless networks in the first place?!
  • by ch-chuck (9622) on Thursday October 10, 2002 @10:17AM (#4423614) Homepage
    unless the honeypot has rooftop rf direction finding and megawatt laser blaster.

    BOFH: Hey, tripwire shows we got a fly in the honeypot!
    PFY: (looking out window with binos) Really? It could be that guy at the sidewalk cafe with the notebook out.
    BOFH: Heheh, Mr. warwhiz left port 139 open and admin share on! Now where did you put smbclient?
    PFY: In daisy/pub. Go for it and I'll let you know of any change in facial expression.

  • Re-using hobo signs (Score:5, Interesting)

    by Stavr0 (35032) on Thursday October 10, 2002 @10:22AM (#4423653) Homepage Journal
    )///(
    Three slashes over the warchalk symbol. /// means 'unsafe area'
  • Evolution (Score:2, Insightful)

    by monomania (595068)
    It's a legitimate and creative response to a legitimate and creative activity.

    True technology evolves -- and this is how these 'environmental' networks will become secure, finally -- not through laws and threats against "hacking"....

  • .
    I suspect that the first problems are going to be identification, notification and most of all entrapment.

    This is nothing to fear, there is nothing to fear, but caution should be observed.
    Record your activity and the instant you are notified that it is a restricted system GET OUT and STAY OUT.
    Do not destroy your records, keep 2 copies in different locations, you may need them.

    My larger concern is that these are unregulated frequencies and corporate use combined with prosecution could inspre the less altruistic to push to have them regulated (in the US).
  • I believe the following are already taken: - "Kilroy was here" - "Frodo lives" - "Eternity" "WAREZ HERE" though is still available.
  • I recently purchased a zaurus + dcf650 and loaded kismet + the qt kismet app. Plugged it in, cycled to my local shop and back and had a look - no signals. None whatsover.

    Anyway, tinkered around with the settings, rebooted a coupla times, ifconfiged up and down (you get the idea) and before you knew it, 2 APs detected from within my lounge. Walked outside, another 2. Next day, on the way to the the train station - another 6. From the station to work ( a ten minute walk), another 30. Around 50% of these bothered using encryption and when I put the kismet packet logs into ethereal, I didn't have a lot of stuff, but I did get a few web pages browsed and even a few pop3 account emails and passwords.

    Now I'm no hacker - I did this warwalk just as I read so damn much about it (on sites like this), but either these companies / individuals want there bandwidth used or they really have completely clueless admins who have no idea what their unleashing on there networks. I feel like emailing the addys I did get with a "please secure your network", but that'd probably go to the poor users who have no idea what they're doing but have been given a neat tool by their IT dept.

    So what to do ?

  • by dr_dank (472072) on Thursday October 10, 2002 @11:23AM (#4424103) Homepage Journal
    Admiral Ackbar.

    'nuff said.
  • Why is this so hard? (Score:2, Informative)

    by Mikeytsi (186271)
    I don't understand why people think it is so difficult to secure wireless. All you need to do is have encryption running on the box, and use some kind of authentication firewall between the wireless box and the rest of the network. We're doing this at my company, and so far it works great. We even set up a credit card payment system on the box, so people that don't have passwords (non-employees), can kick us a few bucks and get access to our T-1.

  • The people doing the wardriving/walking/chalking are not doing anything illegal, AFAIK. The people running the network left a door open on a public street. If they don't want people in, they should lock the door.

    The only purpose of this would be to determine whether people were looking for open networks. I can save them some money right here: the answer is "yes" - now spend your money securing your network instead of hiring consultants and "investigating."

    I don't fault the company making the honeypot in this case. They're simply taking advantage of the cluelessness of companies.

    I can't imagine why you'd want to BUY this though; renting one should be enough. You rent, you find out people are snooping around, you take the thing back and start concentrating on locking down.

    Even better; hire someone to come by once every few months and try to break into your network. If they can, then fix the problem. Repeating this occasionally takes care of the departments/individuals that go down to Fry's and buy a WAP and install it without the knowledge of the IT dept.

Opportunities are usually disguised as hard work, so most people don't recognize them.

Working...