Follow Slashdot stories on Twitter


Forgot your password?

Attack Of The Dreamcasts 451

kevin_conaway writes "A pair of coders are now suggesting that it is possible, with a modified dreamcast system running Linux to sneek into an office building and stick it on a network drop and leave. The dreamcast will then probe for ways to connect to the outside world. They say they have created similar software for iPAQs and a special bootable cdroms for print servers and similar boxes. Just a reminder that are networks need to be as secure on the inside as they should be on the outside. Get the story here."
This discussion has been archived. No new comments can be posted.

Attack Of The Dreamcasts

Comments Filter:
  • by Dopefish_1 ( 217994 ) <slashdot@ t h e d o p e f i s> on Thursday August 01, 2002 @12:46PM (#3992964) Homepage
    from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?
    • How is this different?
      Because it is completely automated and it is small and easy to hide.

      IHMO.. Very very cool, nice job guys
      • It can still get caught the same way. Our network monitors are watching for port scanners on the inside as well as the outside, and it wouldn't take them long to notice it.

        Of course, physically FINDING it once they've learned of its existence might be a bit trickier. But I assume the second step they'd take would be to shut down the port on the nearest switch. (The first step, of course, would be the location of a suitable scapegoat. Nobody does anything around here without some kind of CYA plan.)

    • by Anonymous Coward
      Look around any office(s) and the office building itself and ask yourself how many places could a small computer be put that no one would notice for quite a while.

      Any raised floor computer room under the floor tiles, it could be put in most drop down ceilings, there are just a huge number of places you could
      place a box to do the job that would not very likely to be noticed for several months or years. Almost all of the places in question would have fairly simple access to network and power.
      • It seems like a lot of work to smuggle a Dreamcast into a building, try to find a unused port and power outlet in a place that it would not draw attention, and hook it all up.

        Wouldn't it be easier to just make the same software run in the background under WindowsXX? Then all you would have to do is spend 30 seconds at someone's computer who has gotten up to get some coffee or is out at lunch, to slip the disk in and install and run the software.

        I don't know, it seems a lot easier to me.

    • Sure you could plug a laptop in, but who wants to drop $300-400 for a cheap laptop that will probably get confiscated. For the same price you could by 4-5 Dreamcasts. You could scatter them around to a few drops as backup. In addition, the footprint of the box is small, and you don't need a standard PC case. Who wants to buy a BookPC or a Cappucino (sp) only to lose it.

      Other way to look at this would be for a handy ligitimate network tool. It would be nice to plug a machine into a network, have it snoop around, and then come back the next day and get a report on bottlenecks, machine usage, etc.
      "That's Homer Simpson sir. One of your drones from sector 7G"
      • 4-5 dreamcasts, without broadband adapters. And, currently a broadband adapter is going for anywhere from $60-130US there are cheaper things I could aquire to do this...

        Hell, I have such a device sitting behind me. Ethernet (10baseT) and small enough to hide almost anywhere. (About the size of a dimm.)
      • by earlytime ( 15364 ) on Thursday August 01, 2002 @01:44PM (#3993446) Homepage
        If we assume for a moment that if you can get into the faciity undetected and place a device on the network, that it's not game over already......

        why not just drop in a wireless access point, and sit in the parking lot and hack away? That way you can do all of these things without having to worry about establishing an outbound channel. or put the dreamcast in a discreet location outside the building near an outlet. Just cover with a black tarp and there you go. waterproof wireless backdoor.
    • by greg_barton ( 5551 ) <greg_barton@y[ ] ['aho' in gap]> on Thursday August 01, 2002 @01:02PM (#3993119) Homepage Journal
      Heck, just use an EPIA [] based system. Cheaper than a Dreamcast. Boot from a CF card. Fanless. Silent.

    • no, it wouldn't (Score:4, Insightful)

      by BlueboyX ( 322884 ) on Thursday August 01, 2002 @01:04PM (#3993149)
      The point is it is toy-like. People may think a laptop can hack their systems, but a dreamcast? "That is a little game thing my son plays with."

      I laughed out loud when I read this. :>
      • Re:no, it wouldn't (Score:3, Insightful)

        by psxndc ( 105904 )
        Um yeah, but if I were walking around my company and saw a laptop on a desk I would think "Oh, someone sits there". If I saw a dreamcast sitting somewhere I'd be like "WTF is a dreamcast doing here". A DC is waaaaaay more suspicious.


    • I've seen a number of replies talking about how a dreamcast is cheaper, has a lower footprint, etc.

      $1000 is really not that much money for someone seeking to gain from cracking into a companys network. You've gotto believe that the data they're trying to steal from you is worth more than the cost of a measly laptop.

      What it does do, however, is lower the barrier of entry, if you may, to potential attackers. It might also make sense if you're using a "carpet-bombing" technique where you put several of these on the network hoping that one or two of them may go undetected - although I assume after the first one is detected and security knows what to look for the others won't be so hard to find and in fact having multiple ones of these around might actually increase the chances of someone getting supicious.
    • " I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?"

      At a game company?

      Actually though, at my company (not a game company) I could probably bring a Dreamcast in and get it on the network without anybody really noticing. If I disable the LED on it, I'm pretty sure most of the people here (even those that have a Dreamcast and play it) wouldn't consider looking to see if it was network connected or not.

      There are advantages to keeping your desk cluttered like I do. ;)
    • how is this different from throwing a boot floppy into an unattended machine that loads an OS and scripst to do whatever it is said intruder wants to do?

      Security is only as good as your vigilance and your Doorman!

      Do you _Know_ everyone in your office?

      This is where your social skills or lack there of can be either an asset or a detriment.

      Introduce yourself around Sysadmins... find out who those mysterious personell are... Heck you might just make some friends!
    • Also because it is cheap and not as useful as a laptop. I have 3 Dreamcasts that friends gave me without even asking that I wouldn't mind loosing. Laptops are a little harder to part with.

    • by digitalsushi ( 137809 ) <> on Thursday August 01, 2002 @02:36PM (#3993867) Journal
      no, no. you dont wanna just sneak a laptop into a network... sneak it into another computer! If i wanted to mess another netadmin up... i could hide a smaller, fanless computer inside a larger computer. Then I'd figure some clever way to conceal the ethernet cable i just tapped. :) Come on, it would take half of you at least an hour to figure that one out.
    • by duck_prime ( 585628 ) on Thursday August 01, 2002 @02:37PM (#3993877)
      [How is this any different] from sneaking in and connecting a laptop to the network? I mean, wouldn't a Dreamcast plugged into the company network be a bit more suspicious than a computer?

      Well, there's the extra humiliation factor... Imagine a bunch of IT boys from different corps going out for a beer:

      BOFH1: Yeah, I got 0wn3d today by a massive distributed DOS attack from thousands of zombie machines across the 'net.

      BOFH2: Ha! That's nothing. I got r00t3D when someone compromised the latest openSSH source. That woz pretty elite.

      BOFH3: (mumble mumble)

      BOFH2: What was that?

      BOFH3: [sobbing] An iPAQ! I got H4x0r3D by a fucking iPAQ, okay? Are you happy now?

      BOFH1: What a l00zer.

      BOFH2: Good grief.

  • by fo0bar ( 261207 ) on Thursday August 01, 2002 @12:46PM (#3992967)
    They should replace "dreamcast" with "any machine with an IP stack". Physical security on a network is important in any case, whether it be small like a dreamcast or big like an e10k ;)
  • Even scarier (Score:4, Interesting)

    by crumbz ( 41803 ) <<remove_spam>jus ... p a m >> on Thursday August 01, 2002 @12:47PM (#3992975) Homepage
    Is when someone hacks an iPod to do this. You could hide it in a wall and have an IEEE-1394 to 10base-T adapter with a cat-5 cable right into a patch panel in the wiring closet labeled D-103...

  • by Kith_Me ( 257285 ) on Thursday August 01, 2002 @12:49PM (#3992994)
    Someone strolls into the office, notices a dreambox in the corner... and they say "Hmmm, that is normal, I'll just ignore that"... hehe

    More likely that they would say "Cool, lets see what game is in it!"
    • by jayhawk88 ( 160512 ) <> on Thursday August 01, 2002 @02:16PM (#3993723)
      "Hey Bob?"
      "Yeah Mike?"
      "There's something wrong with your Dreamcast, I can't get it to boot up Soul Calibur."
      "My Dreamcast? What Dreamcast?"
      "Your know, the one you had plugged into the 2nd floor comms closet?"
      "That's not my Dreamcast. Did you ask Dave?"
      "Yeah, both he and Shirley say they've never seen it before."
      "And you say it won't play Soul Calibur? Did you try booting it with no disc?"
      "Yeah, it comes up with some weird black screen and says it's beginning port scan, or some such nonsense like that."
      "Huh, I wonder what made it do that?"
      "Who knows. Oh well, guess I'll go plug it back into the router that it was plugged into."
  • Any computer (Score:2, Insightful)

    But couldn't any computer capable of running Linux and sending/receiving network traffic be able to do this as well? I'd be suspicious of a Dreamcast box sitting in a cube connected to the network. I'm guessing that the only real reason they're focusing on Dreamcasts and not normal PC's are that they're very cheap to obtain and reconfigure.
    • Re:Any computer (Score:3, Informative)

      Yes, it could. The nice thing about the dreamcast is that it is small and cheap. Less than $100 gets you a decent processor and a built in Ethernet adapter. If you're going to risk losing your box when it's discovered, I'd rather it was just a cheap dreamcast than a pricey laptop.
      • Yeah, but the dreamcasts are pretty noisy. The 386 I used for this in high school only had one fan (power supply) and was built from parts that were obsolete in '95.

        Why use a laptop? You can run a convincing Linux implementation using much cheaper hardware.

      • Not completely true.

        The dreamcast comes with a MODEM. The broadband adapter was sold in VERY small quantities, and goes for 100-200$ BY ITSELF on ebay, so bump up that "cheap" price accordingly.
        • Re:Any computer (Score:3, Insightful)

          by topham ( 32406 )
          Thats why I'm laughing at this whole thread.

          I have a TINI (from Dallas Semiconductor) sitting behind me. I has an ethernet port, and serial port. Runs on 8 volts and is small enough you could put it anywhere. It was about $100.

          On the other hand, a Dreamcast is about $50 (give or take) + 1 rare broadband adapter. Which boosts the price to $150-$250 for the device.

          For $299 CANADIAN ($200 US?) I bought an XBox the other day. Gee, it has built in Ethernet, and, at the point when somebody fully cracks the bootflash could theoretically run Linux and do the same thing.

          And have an 8gig drive to log data.

          But I don't think that is a realistic use for an XBox either.

  • Umm....duh!!!! (Score:3, Insightful)

    by Gorm the DBA ( 581373 ) on Thursday August 01, 2002 @12:50PM (#3993006) Journal
    "but said that ultimately, there may be little an organization can do to prevent an attacker with physical access from setting up a covert channel home. " But if you can get physical access, why not just use one of the computers so thoughtfully preinstalled by the network administrator? Heck, they were probably even left logged in overnight by the lusers. This doesn't seem all that revolutionary..."If I can get into your building, I can do bad stuff". No? Really? Wow...noone's had that idea since...ummm...the invention of the house.
  • by phraktyl ( 92649 ) <wyatt&draggoo,com> on Thursday August 01, 2002 @12:52PM (#3993022) Homepage Journal
    I'm pretty sure that someone would notice a dreamcast system sitting on their server rack. However, if you hide it [] behind a wall, it could sit there for years!

  • A recent story about 802.11 described the weakness as "Someone walks into your office with a laptop and asks for a network drop." The point of the anology was that the scenario is absurd, but leaving unsecured WAP access points is equally absurd.

    Silly me, I hadn't realized the uber-absurd case -- someone walks into your office with a game console and asks for a network drop.

    Enigmatically enough, I first read this tagline as "Attack of the Democrats"
  • Almost all companies I have visited have had the opposite 'problem'. To get an Internet connection up n' running, you need to phone a sysadmin to patch the ethernet socket to the switch (most often, the spares aren't connected at all) and then give them a MAC address so the dhcp will give the box a legitimate IP address in the correct space. (Also, Dreamcast?? Suspicious, no?!)

    - FF
  • And then the network guys will start wondering why Ulala from Space Channel 5 has appeared dancing across the network.

  • by rpeppe ( 198035 ) on Thursday August 01, 2002 @12:54PM (#3993040)
    where i work, we use plan 9 [] as a development environment - no NAT necessary. to get through to the outside world, you import the network interface from a gateway machine and use that. however, if an intruder wishes to do that, they must first break the strong authentication used by the import protocol...

    so much of today's lax security is due to legacy design, not inherent difficulty. this is worth remembering.

  • by akb ( 39826 )
    A machine with wireless networking capabilities would be even more interesting, particularly for networks not attached to the 'net. 802.11 would probably not be best due to its limited range and higher security consciousness around it. Better would be say a pair of old ricochet modems that have range of up to a mile.
  • by Kraegar ( 565221 ) on Thursday August 01, 2002 @12:54PM (#3993044)
    To only have connectivity on actively used network drops, and keep all switches in secure closets? To plug in an unknown machine in our office you would have to unplug a known one, and someone's gonna at least notice their computer stopped working. Wouldn't take long after that to discover the switch had taken place. That could easily be circumvented with a machine acting like a silent proxy, but still makes it a tad more difficult. Don't other companies practice similar procedures?
    • I've been at three pretty big companies now (two large and one huge), and all three were really sloppy as far as this went. When I built my new Linux box, I just brought it into work and ran a cat5 over to the empty next to me.

      Of course, small companies aren't necessarily better. In any event, anyplace with DHCP is just begging for this sort of intrusion. It's a good reason to always assume that someone is listening.

    • Where I work and where I go to college (two different places), the network is triggered based on MAC address. Only verified MAC addresses can access the gateway.

      Where I work, the DHCP server will only give IPs out to systems that have valid MAC addresses - beyond that, I can't tell you anything. I believe you can't get the routers to route traffic with an invalid MAC address, but I'm not sure about that - haven't had the opertunity or the need to test it. (However, I have had my office machine be "forgotten" about, and it took them a full day to update the DHCP server to allow me back on the network.)

      My school is a step more anal - MAC addresses are tied to specific ports - not just drops, individual ports in the dorm rooms. If an invalid MAC address is detected on a port, then the port is deactivated until NetOps is notified and it can take a while to have it reactivated. The ports are also theoretically designed to deactivate if the computer connected to them is operating in promiscous mode, but I'm unsure as to how this is accomplished.

      While it is of course possible to - um, "spoof" - a MAC address, tieing the drops by MAC address makes it quite a lot harder for invalid systems to just be dropped onto the network. It means that a tunnel cannot just be established by plugging the box into the network - some actual work would be required. At work, all the drops are always active, and I'd bet you can set a static IP. But at my school, where the drops are tied to MAC address, you'd have to find a port where your box can exist without knocking the original computer offline - a considerably more difficult task than just plugging the box into the network.

  • by Derek ( 1525 ) on Thursday August 01, 2002 @12:54PM (#3993049) Journal
    ...if someone came into my house and dropped off a dreamcast! :-)

  • Although the article doesn't mention this, I'm guessing that since they have a custom linux installation, that the modded dreamcast won't be able to run its normal dreamcast functions. What would make this seem even more inncuous would be to allow it play games too.
  • by carlcmc ( 322350 ) on Thursday August 01, 2002 @12:56PM (#3993065)
    IF ... someone can get in undetected and hook up a dreamcast in a few minutes, your security has already been breached. If your company has something it doesn't want people to access without authorization on the computer, they should have at least the same security focus for the building.

    With that in mind, when was the last time you walked into your company in non-work clothes, you knew where you were going, and walked confidently there and no one stopped and questioned you? I wear a name tag and go there every day, but in my shorts and tshirt with no name tag, I'm never stopped. I think thats the way it is in many places.

    • In my experience, it's the case of if you look out of place you obviously aren't meant to be there. The "secret" is to look like you "belong" where ever and know exactly where you are going - I've walked round my old company at 10pm at night (it's a 24/7 factory) in 'skivvies' and no one questioned me, I've wandered around hospitals, office suites etc etc - all without questions asked. Ok, I may have had no idea where I was going, but as long as you don't look like that you can usually get anyway without question.
  • This reminds me of my university where people connect their laptops to the network when they aren't supposed to do so. It isn't to tricky either, you just need to find a desktop someone isn't using, find out it's IP, unplug it, set your machine to it's IP address and connect it up. Now I imagine this would present quite similiar security problems to a rogue Dreamcast or iPaq connected to the network.

    Perhaps the only way to overcome this problems is give IP addresses to trusted MAC addresses only. In the context of a university this could mean the student could apply for an IP address, but could you trust the student? That's the real question

    • Most schools require mac address registration lately. You can walk on to the Oberlin campus and just start typing away. Other schools are like that too. Just make sre you wear an abercrombiecostume so to not raise suspicion.
    • "Perhaps the only way to overcome this problems is give IP addresses to trusted MAC addresses only. In the context of a university this could mean the student could apply for an IP address, but could you trust the student? That's the real question"

      Even if you don't trust the student, you'd have a name and student id number attached to the IP and MAC so it some port scanning or cracking is going on from that IP, you know who to prosecute.

    • The way they did it at RIT was that you got a max of 2 semi-perminant IP's by registering your MAC with the DHCP server using an SSL web page that set up a DHCP lease for 330 days for one IP to that MAC. This worked well as the leases released themselves for the next school year and the system could be fairly trusted as you used your login and then that IP was tracable back to you. Yes you could do IP spoofing but it made it much harder than most other systems.
  • What about WAPs? (Score:2, Interesting)

    by Kakarat ( 595386 )
    The same thing could be done with wireless access points. In fact, it would be easier since with little or no experience, someone could walk in, find an open drop, plug in the WAP, and leave. Granted that the range is not worldwide, but you can get the same results. In some situations you don't even have to enter the building to set one up. Just leave that up to some ignorant employee.

  • Yeah, right. (Score:5, Informative)

    by autechre ( 121980 ) on Thursday August 01, 2002 @12:58PM (#3993093) Homepage

    "availability of an Ethernet adaptor"?

    You almost have to kill someone to get a network adaptor for the Dreamcast. I'm not even sure they're being manufactured anymore (I wouldn't think so), but there are a few on eBay; the cheapest one is $60.

    Besides, as other posters have mentioned, a Dreamcast doesn't exactly look inconspicuous to me, especially if some person I don't recognise is carrying one around in my building.

    • Re:Yeah, right. (Score:3, Informative)

      by JBMcB ( 73720 )
      The Sega Broadband (Ethernet) adapter is, like most of the rest of the Dreamcast, an off the shelf ethernet chip on a PCI-to-Dreamcast bus adapter. In fact, a genius/loony in Japan made a whole Dreamcast->ISA adapter, as witnessed here.
  • I remember building what looked like a serial port gender changer with a wire hanging out of it, but was really an AM transmitter. Plug it into a serial port, and it acted as a radio modem sending out everything that went over the serial port.

    This was back in the days of 1200/2400 baud modems. Plans for the device were in 2600 magazine. It had a range of about 500 meters, and broadcast on about 560 KHz. You needed a companion device on the other end. You could record the audio signals then decode them on your PC later. ...

    On a side note. Even better would be a handheld with TWO expansion ports -- one ethernet to sniff and one 802.11b to sneak it out. Just park across the street with a laptop and another 802.11b card. Instant backdoor to the network.
  • Wireless (Score:4, Insightful)

    by AlgUSF ( 238240 ) on Thursday August 01, 2002 @01:00PM (#3993105) Homepage
    Why not just stick a wireless access point on the network. Put it on the floor near a window or something, and you should be in business... This would even work on the most secure networks.
    • Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.
      • Re:Wireless (Score:3, Insightful)

        by Matey-O ( 518004 )
        Any network admin worth the title is already war-driving his own facilities, sniffing for stuff like this.
        Yeah, but if SSID broadcast is turned off, the suspect WiFi basestation would be kinda hard to detect.
      • Re:Wireless (Score:2, Insightful)

        by DrMaurer ( 64120 )
        How regularly? The few admins I know are ran frazzled by lack of help dealing with normal, simple user complaints.

        Of course, he'd notice a dreamcast sitting somewhere in the open, but under a desk, plugged into a network mini-hub? Hell, in the unlocked server closet, which also shares room with housekeeping stuff.

        It's easy to say "any admin worth their salt" would do such-and-such, but sometimes that just isn't the case, not because they don't want to, but rather because they don't have the time.

        When you get in at 6 in the morning and leave at 9 at night every night, are you really in the mood for staying an hour later and looking at the logs? Should he? Probably, but admins are human, and the man I'm thinking of isn't getting paid hourly.

        Of course, he is my boss, and I just feel bad because I probably didn't work as hard as I should've. Maybe I should stop putting him down as a reference in my job search. Heh.
  • Real Risk (Score:5, Informative)

    by stoolpigeon ( 454276 ) <bittercode@gmail> on Thursday August 01, 2002 @01:00PM (#3993106) Homepage Journal
    for those of you w/real reasons to be concerned- would be that if these guys have thought of this - who else already has something much better in a nice small, concealable package.

    And then think about how many businesses don't even come close to providing physical security to all the ports that connect to their network. Sure the computer room is locked- but how many cleaning people are in the offices at night? Usually if you worry about them at all- it would be that they steal, not leave something behind.

    I had to do some work once at a call center for a client of ours. A large credit card company.

    I pulled up to their building but it was this big glass box and I wasn't sure where the entrance was. I just walked around until I found a door. It was open and their were people standing around smoking. So I walked in. I was in the back by the break room.

    I wandered around in there for 10 minutes or so until I found the front desk. When I walked into the lobby from inside the building and asked for the guy I was supposed to meet she was pretty freaked out. They brought up security people and asked how I got in, etc.

    I hope my credit card company isn't that easy to get into. But I'd be surprised if its much more secure. I wouldn't be surprised it it is less secure.

    Something to think about.

  • by FortKnox ( 169099 ) on Thursday August 01, 2002 @01:01PM (#3993110) Homepage Journal
    ... so I just popped in NFL2K2 and showed the hacker who was boss!!
  • by Cutriss ( 262920 ) on Thursday August 01, 2002 @01:01PM (#3993115) Homepage
    All those girl ninjas running around stealthily tucking Dreamcasts under their arms - They weren't trying to steal them. They were trying to deploy them!

    Now I understand the tagline... It's thinking...
  • by ultima ( 3696 ) on Thursday August 01, 2002 @01:03PM (#3993135)
    A Sun IPX (or any lunchbox style) system with an AUI port and a modified transceiver is much better. I use one of these as a secure syslog; in particular because you can modify the transceiver so that while it is capable of receiving data, it is incapable of sending at a hardware level. There is no way, short of physical access, to detect the machine. It's great for packet sniffing and logging -- syslog using UDP is connectionless, and works well with read-only network connections. This is also better than modifying the ethernet cable, because these modified cables do not actually work properly (the transceiver with tx pins removed will keep a valid *empty* tx signal, whereas a modified cable usually just pumps the rx'd signal back to tx, confusing the equipment into maintaining a link).

    And if you can sneak in once, why not twice? Or better, equip the computer with a cell modem or amateur radio equipment (How many "wartalkers" look for that, eh?) , and dial in. No need for probes which may set off IDS systems, or outgoing packets (like ARP or DNS requests) that alert crackers to a computer's presence.

    I think you cut pins 3 and 10 (on the connector to the computer on the transceiver) but that's not certain.
  • Did it. (Score:5, Interesting)

    by Skyshadow ( 508 ) on Thursday August 01, 2002 @01:04PM (#3993142) Homepage
    Back when I was in high school (1994 or '95), we put together a small 386 -- no case, no nothin' -- with a NIC and stashed it above the library computer lab. This was pretty much just to see if we could, which as I think about it seems like the reasoning behind most of what I did in high school. Well, at least the things I did in high school that didn't involve girls.

    We used it to run a dump of all the packets on the network and get pretty much all the passwords used by anyone. We printed out a copy and sent it to the bozo they had in charge of IT, and he called in a mess of expensive consultants to reload everything on the network.

    Of course, they didn't fix the basic problem or find our little friend. For all I know it's still running up above the 'ol drop ceiling -- we were to chicken to try and retrieve it. Of course, this was a private school, so the real joke was on us (the clue -- consultants were being paid for by our own stupid selves).

  • by Kirby-meister ( 574952 ) on Thursday August 01, 2002 @01:05PM (#3993153)
    ...hacking a company with the Playstation 2 - it can scan 75 million ports a second, 20 million with effects.
  • Cheap? (Score:3, Informative)

    by zsazsa ( 141679 ) on Thursday August 01, 2002 @01:08PM (#3993182) Homepage
    From the article: Cyberpunks will be toting cheap game consoles on their utility belts this fall

    Yeah, the Dreamcast is dirt cheap. The "broadband adapter" needed to hook it up to an ethernet network? Quite pricey [].
  • by glwtta ( 532858 ) on Thursday August 01, 2002 @01:08PM (#3993183) Homepage
    yeah, if you have random people entering your building unsupervised and plugging things into the network, you just might have a security problem, Dreamcast or no Dreamcast.

    I would think much in the same way, a Dreamcast running linux can be used to seriously injure a person, but sneaking up on them and hitting them over the head with it, repeatedly. Of course that's not newsworthy, unless it's a Dreamcast running linux.

  • One of the biggest problems here is that so many companies are permissive with dhcp. If security is a real concern, you shouldn't be handing out IP addresses to unknown MACs like christmas candy. Having to figure out a safe/available IP address ahead of time at least makes this more difficult.
    • Re:Permissive dhcp (Score:2, Informative)

      by kbroom ( 258296 )
      Even with no IP address given by dhcp, I think it would be possible to sniff traffic via ARP poisoning.
      You don't need an IP to send ethernet packets (which is where ARP lives).
    • No it doesn't. You don't have to get an IP via dhcp, and it's easy to sniff IPs on the network to see what's valid. Switched port, with no broadcast traffic? Use a hurestic algorithm to find a valid IP on the network with an exhausted search. You can probably find a working configuration without trying more then 1% of the configuration space. Available? Who cares! Just make sure you have a lower latency to the router then the machine you're sharing an IP with. Oh, and don't forget to spoof their MAC address.

      In fact, the setup we have here gives out "safe" IPs to machines with MAC addresses it doesn't know. The router is configured to not allow traffic from these addresses to access internal resources. In this case, it's actually more difficult to NOT figure out a valid configuration on your own.

      Don't fall into a trap by thinking you can improve security through your dhcp configuration.
  • Uh-oh (Score:3, Funny)

    by stevarooski ( 121971 ) on Thursday August 01, 2002 @01:08PM (#3993185) Homepage
    As soon as I read this story, I jumped up and combed our office for sinister-looking dreamcasts creeping about the floor plugged into network ports.

    Luckily, we were safe--THIS time. Those security-sapping plastic mosquitos could hide anywhere though, so maintain constant vigilance!
  • by Anonymous Coward on Thursday August 01, 2002 @01:12PM (#3993221)
    Near where I live there is this giant uber arcard called Playdium. Instead of using coins or tokens in the machines to get credits you swipe a little plastig card with a barcode on it through a reader. This reader in turn is hooked up to a solid-state machine running MSDOS which then contacts a MS SQL server to see if their is enough credit on the card and if there is it sends an authorization to the machine.

    One day we decided that we wanted to get free video games. After scoping the place out we discovered that all the 10baseT ports that the video games plugged into were in fact patched into a 3com 3300 switch and were active. The network designers I guess figured it would be easier to activate all the ports instead of making some video game tech figure out how to patch stuff in.

    We brought in a laptop with a long cat5 cable and looked for a place to plug it in where we wouldn't be noticed. Jurassic Park 3 has this little thing you sit in a close the blinds so the ambient light would stay out. It would do nicely.

    We watching what we could with different packet sniffers (we were also very paranoid of getting busted) and were able to bring up the Switches web management system. We discovered that the video games use DHCP to get an address in the 10.10.x.x subnet and the video games also seem to contact a master server for configuration information. ie. How much does this game cost. By this time we had been sitting in Jurassic Park 3 for 2 hours and were getting REALLY paranoid. So we decided to try something malicious. We arp-spoofed/flooded everything we could see. An interesting thing happened. When the game control units can no longer talk to their master server, they go into 'free' mode. I guess this is in case there is a network failure. They'd rather lose a bit of money than piss of 100s of people. While our little program ran, every game in the place became free. So I thought to myself, why not just unplug the Cat5 cable for a game to make it free. That doesn't seem to work. I think this is because it needs to detect a link before it will go to free mode. Anyhoo, I guess the moral of this story is to have some kind of port security on your network ports in your business. or something :)
  • "The dreamcast will then probe for ways to connect to the outside world."

    Sega Dreamcast..."It's Thinking"
  • by pete-classic ( 75983 ) <> on Thursday August 01, 2002 @01:15PM (#3993245) Homepage Journal
    to just burn a CDR that boots Linux and does all the same stuff on a PC with any of the top X ethernet cards? Set it up to stubbornly ignore all keyboard input and never display anything on the screen. Write "coaster" on it with a black magic marker, drop it in some currently unused PC and hit power/reset and haul ass. Do it at 4:50 PM on a Friday and you'll probably have to 9:00 AM on monday to own some other box on a more permanent basis.

    Hell, you might be able to modify a tomsrtbt to do this and wipe (or dd if=/dev/zero of=/dev/fd0; dd if=/dev/urandom of=/dev/fd0) the diskette once the ramdisk is loaded.

    IOW, this whole thing strikes me as more of a "stunt" than a "hack."

  • It seems to me like this would be an excellent way of giving IP to idiots. Which is the business MS is in. When I first start up/install WinXP, how come they don't do the same thing for me? Everytime my dad gets a new computer for his office, he calls me and tells me to come in and configure it for him. Why aren't all devices self configuring like this?
  • by Shagg ( 99693 )
    A pair of coders are now suggesting that it is possible, with a modified ... system ... to sneek into an office building and stick it on a network drop .. then probe for ways to connect to the outside world.

    You're kidding! Wow, how long did it take them to figure this out?

    In other news... banks have now been found to be extremely insecure. All you have to do is break in, shoot all the guards, dynamite your way through the vault... and you have unlimited access to all their money!!
  • by Henry V .009 ( 518000 ) on Thursday August 01, 2002 @01:29PM (#3993351) Journal
    If you mod the box into something black with LEDs, it might not look so out of place. Especially if you tape a while piece of paper with "67...2 Router:Smurphy" to the top (well not look out of place to the peons, anyway). Everyone will be afraid to touch it.
  • A dreamcast in an office building sticks out like a nun in a strip joint. Maybe if you hid the dreamcast in a suitcase or hid it under a bunch of papers in a filing cabinet, but not by itself.
  • by dstone ( 191334 ) on Thursday August 01, 2002 @01:34PM (#3993395) Homepage
    Take a look at the Dallas Semiconductor TINI. It's a Java runtime environment on a 72-pin SIMM, complete with ethernet, serial, I2C, parallel IO, battery up to 1 meg of NVRAM, filesystem emulated in RAM, etc, etc. You can write web or ftp services for it in a few lines of Java, thanks to the supplied classes. You develop your Java code on your PC, compile it to Java bytecode, and then FTP it up to the little TINI device. My description is not doing this hardware justice, so I'll leave some links below.

    Anyways, my point is this type of device is probably easier to program than a Linux Dreamcast. It may or may not be cheaper (sub-$100). And it's a lot easier to hide, if that's the goal. I've programmed a handful of hobby projects with this board, and it's really quite amazing for the price. (Compared to trying to implement an TCP/IP stack on a PIC microcontroller, say.)

    TINI hardware []
    TINI []
    TINI board resource center []
    more resources []
    DalSemi discussions []
  • Finally a reason to pull my dreamcast from out of my closet! This sounds way cooler than any game I ever had for the thing.

    The only problem I have is with the part about how if you brought it into a business they would think its just a game system. I would be immediately suspicious of anyone toting around a Dreamcast in this day and age. Maybe if they made this hack for a PS2, or better yet, for the XBox. Or the gamecube, Super Hack Brothers Melee...
  • It occurrs to me that a ThinkNIC would be an equally good platform for this.

    It's cheap, departmental grey, looks like a piece of network componentry, uses GPL'd software (easy to change for your evil ways), and boots from a CD.

    AC in and ethernet out...
  • Social Engineering (Score:2, Interesting)

    by Erwos ( 553607 )
    It strikes me that people have generally ignored a very valuable tool of hacking: social engineering. Kevin Mitnick proved its prowess, and we've all heard of him, no? A DC is technically feasible, but falls short on the social engineering front.

    So, I propose that instead of using a relatively conspicuous DC, or even a laptop, you buy a TINI computer: dex.html
    And then modify it into an old Cisco plastic shell. Write something like, "Cisco Network Load Balancer" or something (in a believable fashion), slap it in as close to the server room as you can.

    The issue here is not "can I crack people's networks from the inside?" but, rather, "can I _keep_ cracking the network for more than a couple weeks?" You think to look at a laptop or DC for a network spy, but who bothers to look at some random piece of Cisco hardware in a corner? I'd say the risk of discovery becomes far lower - and with TINI, you could theoretically put together a "button" that would wipe the contents of the device if it was moved.

    Just an idea.

  • by evilviper ( 135110 ) on Thursday August 01, 2002 @01:43PM (#3993441) Journal
    There is really very few ways to prevent such an attack. (I've been thinking about this for some time). Even if you had MAC-Address filtering, a drop machine could be configured to learn MAC addresses, and take over the MAC and IP when that MAC is no longer present on the network (is shutdown).

    The best way I could think of locating suspicious activity, is to setup a machine in the same range as the important servers... And investigate any connections to it (as no one should be connecting to it). This only stops the more active attacks though.

    To sniff data off the wire, you only need to be getting an electrical signal. You don't need a MAC or IP address. To prevent this kind of sniffing, you would really have to go around and verify that the each active port (on the hub/switch) corresponds to a machine that should be up and running.

    However, in a microsegmented network, where each network interface coresponds to a port on a switch, listening to the traffic on one port will not yeild much. So the sniffer would have to flood the switch with MAC addresses, or forged ARP replies. That kind of thing could be picked up if you monitor your switches.

    So the point? Use switches directly to the computers anywhere remotly important... And protect your uplinks (links from switch to switch, switch to router, router to router) so that no-one can tap into them.

    Of course, all this requires an incredibly great deal of manpower, and administrative vigilance. The real solution is to use IPv6 (or IPv4 with IPSec) since it encrypts all traffic.
  • Good spelling and grammar should be a mandatory requirement for all posts to any website. I can't believe Hemos didn't catch that. No, wait, yes I can.
  • by dstone ( 191334 ) on Thursday August 01, 2002 @01:58PM (#3993561) Homepage
    Don't waste your Dreamcast! If you have physical access to the building, desks, etc, then why not just jam in a bootable floppy and reboot an unattended machine to:
    1) port and service scan
    2) send out results via http/ftp/ping/email/etc
    3) wipe the floppy clean
    4) write an innoculous text or word document on the floppy
    4) reboot the workstation again

    This leaves nearly zero physical evidence that there was an intrusion. Just an abandoned floppy and a rebooted machine.

    Sure, you _might_ get past building security with a video game console in your bag. But I guarantee you'll get in with a floppy. And would you rather be caught plugging a floppy into a workstation or a video game console into the network?

    And you'll still have your Dreamcast at home, running DCMAME!
  • by Ryu2 ( 89645 ) on Thursday August 01, 2002 @02:38PM (#3993889) Homepage Journal
    Check out the SPINACH project at Stanford: ch.html []

    It's designed to precisely address this issue by limiting network access from hosts whose Hardware Ethernet addresses are unknown to the local subnet only (not past the router) until it is authenticated (by some password or other scheme). Thus, if you put a Dreamcast on a SPINACH network, it could only reach hosts on the immediate subnet, unless you spoofed the MAC address or something...

"The number of Unix installations has grown to 10, with more expected." -- The Unix Programmer's Manual, 2nd Edition, June, 1972