Security

Wartrapping? 266

netphilter writes "This article on ZDNet writes: "A "honeypot" trap consisting of a Wi-Fi-equipped laptop is the latest weapon against drive-by hackers." Although I'm sure that I've heard of this somewhere before, it appears that the latest twist is that this company is looking to sell them to corporations. Hmm...I wonder what the warchalking symbol for a honeypot really would look like?"
This discussion has been archived. No new comments can be posted.

Wartrapping?

  • Old news (Score:3, Informative)

    by lnxslak ( 524709 ) on Thursday October 10, 2002 @09:39AM (#4423327) Homepage
    This exact same story was on net-security.org yesterday. If you would like more information about this topic go to this story @ net-security.org [net-security.org].

  • war & wi-fi (Score:5, Informative)

    by Erpo ( 237853 ) on Thursday October 10, 2002 @10:02AM (#4423506)
    Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers. Exactly what does this have to do with 802.11? Driving around and listening to packets is not the equivalent of "wardialling", nor is it in any way similar.

    Actually, wardialing referred to having your computer rapidly dial phone numbers and look for modems that would allow anyone to connect. The idea was that Joe Scriptkiddie would start a wardialing program when he got up in the morning and it would dial a randomized list (because the phone company is looking for lots of numbers being dialed sequentially) of phone numbers all day. In the afternoon when he got home from Junior High, he would check to see if the program had found any "interesting" information (modems on numbers that he didn't know about before) and if so he would add them to his "to-investigate" list.

    If we define warX to mean aimlessly using method X to find hosts that will talk to anyone, that fits with the definition of wardialing - aimlessly dialing numbers in the hope of finding a modem. Even though driving isn't the most important component of wardriving (one could walk, I suppose), the term wardriving seems to fit. It means aimlessly driving around with a laptop scanning for hosts that will talk to anyone.

    Can we dispense with the prefixing of "War" to anything 802.11 related, PLEASE?! This is just stupid now.

    As far as I know, wardriving is the only war* term related to 802.11 technologies.

  • by alexjohns ( 53323 ) <almuric AT gmail DOT com> on Thursday October 10, 2002 @10:03AM (#4423510) Journal
    Driving around and finding unsecured wireless access points is not illegal. There's no reason to make it illegal. If you don't want people accessing your network, secure it. I have yet to see an article about anyone driving around, finding a secured wireless network and then trying to break in. What's the point? OK, fine, if you're stealing something or trying to find insider information, yeah, that's illegal.

    For those of us looking for wireless access, we just want to check email and check a few web pages. There's no way of telling whether an unsecured wireless network was deliberately unsecured to allow people to access the Internet, (like many people and some businesses - notably, Starbucks - do) or whether it was left unguarded due to ignorance, laziness, or boneheadedness.

    If you find people accessing your network and you don't want to share, lock it down. What's the point of a honeypot? To find all those roving bloggers on park benches, obsessively updating their fans on the minutiae of their lives? What are you gonna do when you find them? Slap them on the wrist?

    Doesn't everyone realize that this is the future? Unfettered access to information, whether you're in line at the DMV, at the park with the kids, Saturday morning soccer, whatever. What other technology is going to bridge that last mile? Nobody's putting fiber down in my neighborhood. Wireless seems like the best option for fast, ubiquitous access to me.

  • Re:Huh? (Score:5, Informative)

    by gorilla ( 36491 ) on Thursday October 10, 2002 @10:15AM (#4423588)
    GPS doesn't work indoors. GPS doesn't work when there is an object between the receiver and the satellites. GPS doesn't have the accuracy to give a precise line at the edge of a building.

    Stop thinking of GPS as a magic solution to all problems involving knowing where you are. It's good, but it's not that good.

  • Re:WarSTUPID (Score:4, Informative)

    by tweakt ( 325224 ) on Thursday October 10, 2002 @10:17AM (#4423606) Homepage
    Historically, "wardialing" was phr33k-slang for the rapid dialling of phone numbers.
    The "War" prefix is from the movie WarGames [imdb.com] (1983)

    The dialer program [lycos.de] in the movie, and ones like it which people made, got nicknamed "War Dialers".

  • by nuxx ( 10153 ) on Thursday October 10, 2002 @10:20AM (#4423634) Homepage
    Honestly, the best thing to do is get yourself a Linux partition and use Kismet [kismetwireless.net]. It's very simple to set up, works with almost any card, and has far more features than Netstumbler. Hook it up with a GPS and you'll be making maps, etc.

    It also is completely passive (so most likely legal, since 2.4GHz is a public band with no regulations on it) and anything it hears, not just AP broadcasts, is logged. You can drive around, then throw Ethereal up and see what data you happened to grab. All completely passively.

    Check out the kismet site [kismetwireless.net] for more information. Here [nuxx.net] is a map I made of downtown Ann Arbor. No intrusions were performed, SSIDs are purposefully left off the map, and the colors are completely arbitrary. I'm interested in what is where. Not using other people's bandwidth/networks.
  • Re:war & wi-fi (Score:3, Informative)

    by mooman ( 9434 ) on Thursday October 10, 2002 @10:26AM (#4423675) Homepage
    As far as I know, wardriving is the only war* term related to 802.11 technologies.

    Uh.. Wardriving, warchalking, wartrapping, warwanking...

    He's got a point...

  • Re:OT: VPNs (Score:2, Informative)

    by Bishop ( 4500 ) on Thursday October 10, 2002 @10:37AM (#4423734)
    Linux: FreeSwan

    OpenBSD: builtin (read FAQ)

    Windows: PgPNet seems to work
  • Re:2 things (Score:3, Informative)

    by kcurrie ( 4116 ) on Thursday October 10, 2002 @10:44AM (#4423780)
    Maybe I'm a dumbass, but doesn't MAC address filtering address most of the security issues related to Wi-Fi?

    Well, I wouldn't say you're a dumbass, but no, it does not address most of the security issues :-)

    It is trivial to sniff a valid MAC address, and then set your card to be that address.

  • Re:I don't (Score:2, Informative)

    by Mike Schiraldi ( 18296 ) on Thursday October 10, 2002 @10:45AM (#4423789) Homepage Journal
    I don't get it.
  • by beefness ( 112934 ) on Thursday October 10, 2002 @10:49AM (#4423810)
    Probably because the system is a sandbox, what it broadcasts is data about a network which isn't really there, probably setting up a series of spoofed mac addresses and some traffic which it is sending to itself.

    The actual system is not designed to accept the data as a useful transmission, it's designed just to log what comes in on its interfaces (probably set in promiscuous mode) and provide an appropriate response, give the hacker what he'd expect to see.

    Sure, some brightspock hacker could find a bug in the software, exploit it and gain access, then browse to and remove any log files that might have been kept. But, by the time the hacker figures out it is a honeypot, the computer has already logged and recorded everything he/she has done to probe the network, and how long do you think it is going to take to find an exploit that would let him/her remove evidence of his/her presence?

    I don't hack, but I have to imagine that it's not quite that easy hacking a black box that you have never seen, when it probably runs some custom OS / software that you most likely will never gain access to. The Honeypot has its own security through obscurity.

    Probably, he or she won't bother and will instead walk away, but the data captured by the device will be invaluable in securing networks which are vulnerable to attack.

    You will of course, soon find an elite group of hackers that go around specifically searching for honeypots, so that they can find ways of identifying them, and once one of them finds a way it will be passed on as knowledge, then this test will be done by any attacker as a probe first, so that his / her tactics are not exposed to any honeypots.
  • Re:Huh? (Score:4, Informative)

    by walt-sjc ( 145127 ) on Thursday October 10, 2002 @10:53AM (#4423837)
    It's actually quite simple to fix this. If you want a secure WLAN, put it off a leg on your firewall, require ALL traffic to be IPSEC to the IPSEC server. Deny ALL non-IPSEC traffic on that leg.* I see no reason to have an open WLAN unless you WANT an open WLAN.

    * Obviously, you need a dhcp server handling that leg so it's not quite ALL traffic, but you can really restrict what that leg can do, how it's logged, etc.
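
Added example, not part of walt-sjc's comment: one way to express the IPsec-only leg described above as a Linux netfilter ruleset, with DHCP as the single cleartext exception. The choice of iptables, the interface name `wlan0`, the chain names, and running the DHCP and IPsec servers on the firewall itself are all assumptions.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset for an IPsec-only wireless leg.
# Assumptions (not from the comment): Linux netfilter, the interface name,
# and the DHCP server and IPsec gateway both running on the firewall itself.

wlan_leg_rules() {
    ifc=$1
    # Refuse empty or odd interface names so nothing unexpected reaches the ruleset.
    case $ifc in
        ''|*[!A-Za-z0-9._-]*) echo "usage: wlan_leg_rules IFACE" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:WLAN_IN - [0:0]
:WLAN_FWD - [0:0]
-A INPUT -i $ifc -j WLAN_IN
-A FORWARD -i $ifc -j WLAN_FWD
# DHCP is the one cleartext exception: clients need a lease before they can negotiate.
-A WLAN_IN -p udp --sport 68 --dport 67 -j ACCEPT
# IKE key exchange and ESP payload addressed to the IPsec server on this box.
-A WLAN_IN -p udp --dport 500 -j ACCEPT
-A WLAN_IN -p esp -j ACCEPT
# Traffic that arrived inside a tunnel and was decrypted here.
-A WLAN_IN -m policy --dir in --pol ipsec -j ACCEPT
# Everything else on the leg is logged (rate-limited) and dropped.
-A WLAN_IN -m limit --limit 6/min -j LOG --log-prefix "wlan-cleartext: "
-A WLAN_IN -j DROP
# Only decrypted tunnel traffic may be forwarded off the leg.
-A WLAN_FWD -m policy --dir in --pol ipsec -j ACCEPT
-A WLAN_FWD -m limit --limit 6/min -j LOG --log-prefix "wlan-fwd-cleartext: "
-A WLAN_FWD -j DROP
COMMIT
EOF
}

# Print the ruleset for the constructed interface name wlan0 when run directly;
# review it, then load it once with: iptables-restore --noflush
wlan_leg_rules "${1:-wlan0}"
```

The LOG rules give the logging the comment mentions: any cleartext packet on the leg other than DHCP leaves a rate-limited kernel log entry before it is dropped.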
  • Re:I don't (Score:4, Informative)

    by Otto ( 17870 ) on Thursday October 10, 2002 @11:08AM (#4423936) Homepage Journal
    http://www.worldvillage.com/wv/school/images/scrns hot/pooh2.gif [worldvillage.com]

    Best I could find.

    And in that case, wouldn't it be a "Hunnypot"?
  • Why is this so hard? (Score:2, Informative)

    by Mikeytsi ( 186271 ) on Thursday October 10, 2002 @12:15PM (#4424678) Journal
    I don't understand why people think it is so difficult to secure wireless. All you need to do is have encryption running on the box, and use some kind of authentication firewall between the wireless box and the rest of the network. We're doing this at my company, and so far it works great. We even set up a credit card payment system on the box, so people that don't have passwords (non-employees), can kick us a few bucks and get access to our T-1.

  • Re:I don't (Score:1, Informative)

    by Anonymous Coward on Thursday October 10, 2002 @12:22PM (#4424736)
    From the FAQ [lavasurfer.com]... "Pooh lived under the name of Sanders"
  • Re:Huh? (Score:2, Informative)

    by iamacat ( 583406 ) on Thursday October 10, 2002 @12:28PM (#4424781)
    There are quite a few places that let you access Internet anonymously - libraries, corporate networks (as far as employees are concerned), anonymizer.com, prepaid ISPs, prepaid cell phones etc. Some of them are even specially designed to be untraceable. And unless I am very mistaken, they have never even been asked by law enforcement to shut down their access, only to cooperate in tracing a particular person. In this case, I can just ask a cop to come to the same parking lot and then he will have the same access to all the wireless traffic as I do. As an added advantage, the person to be arrested and his incriminating notebook can be both found nearby.
  • Re:Honeypot Symbol (Score:3, Informative)

    by Archfeld ( 6757 ) <treboreel@live.com> on Thursday October 10, 2002 @12:38PM (#4424885) Journal
    I think the original honey pot meaning (latrine, john, bedpan) fits much better for this topic.... If I drive by and my wireless card finds and gets accepted on your network..TOO F'N bad, you should try some security. Now if I then use that connect to try and hack into your systems then they should pursue me to the fullest extent of the law. What is the policy if I request a bootp/dhcp on the net and someone answers, my fault or theirs ? If you leave your front door wide open and a neighbor comes over and uses your bathroom, then leaves is it a crime ?
  • Re:Huh? (Score:3, Informative)

    by WildBill1941 ( 187641 ) on Thursday October 10, 2002 @01:27PM (#4425323) Homepage
    The problem with GPS is that it's easily shielded. I've yet to see a GPS receiver that works indoors - which is where 90% of Wi-Fi usage happens. The GPS signal is pretty weak - even though the satellite pumps out a signal with approximately 500 watts of Effective Radiated Power, there is enough loss in the path (app. 21000 km) that the signal is fairly weak by the time it gets to your ground-based receiver. Add this to the fact that most ground-based receivers have pretty crappy antennas (and a Wi-Fi/GPS combo unit would, too - unless you wanted it to be HUGE), and you can see how basing your "perimeter" on GPS coordinates is impractical.

    Looks like GPS will remain in use for wardriving - since you're outside with a clear view of the sky it works just fine for that. :)

    If you're interested in more GPS facts, check out this Google Cache [216.239.35.100] - I don't want to slashdot the main site.

  • Re:Idiots... (Score:2, Informative)

    by FiloEleven ( 602040 ) on Thursday October 10, 2002 @04:31PM (#4427151)

    Beautiful user interface != Good user interface.

    Not that I'm disagreeing with your comment, just that particular logic snippet.
  • Re:Trespass (Score:4, Informative)

    by mikeb ( 6025 ) on Thursday October 10, 2002 @05:21PM (#4427651) Homepage
    Mind the legal language folks. I seem to recollect that US law is based in part on British law, but it's likely that it has diverged.

    AFAIK (IANAL): in England and Wales, trespass is not a *crime*. There is a big distinction between crimes which are tried in criminal courts and other actions (torts) for which there is only a civil remedy. If someone comes onto your land you don't in general have much comeback against them unless they do some harm or damage - they haven't committed a crime. If they do damage, then you may be able to claim recompense in civil courts, but it's still probably not a crime.

    However, if they are armed, then it's armed trespass, which IS a crime and you can call the cops straight away. In cases of ordinary trespass the police will be very disinterested because their responsibility is basically criminal not civil law.
  • by serf_sam ( 581979 ) on Thursday October 10, 2002 @07:48PM (#4428613)
    What they say about GPS not working indoors is right.

    Anyway, we're not talking about MAC addresses here... GPS would be an expensive and impractical means of identification.

    There are plenty of ways to secure a network, people just aren't putting forth the effort - if it's important enough just set up a VPN.
