Firewall Wizards mailing list archives
RE: Anti-Warchalking attack?
From: "Paul D. Robertson" <proberts () patriot net>
Date: Wed, 4 Sep 2002 15:53:48 -0400 (EDT)
On Wed, 4 Sep 2002, Scott, Richard wrote:
to ensure secure Wireless networks are architected. By posting signs, isn't this entrapment and enticement mixing in that gray area again? It will
If I'm enticing them to either a network that doesn't exist or to a honeynet (one might just say I'm advertising my honeynet) then it's only a big deal if (a) I'm a government, or (b) if I intend to prosecute them for hitting my honeynet. I'd just use the honeynet for gathering MAC addresses, recon patterns, etc. Good point though, so to be clear, I'm most certainly not advocating enticing folks to enter your "real" network and monitoring and prosecuting them. In that case, I think the company would deserve the thrashing it'd (hopefully) get from the defense. That's part of my problem with this whole scheme though- there is zero authenticity in marks on a wall.
depend on the virtue of the law of that country. These signs could be interpreted as common hobo public signs that are used to permit access to a resource. I am not going to venture to far down this road however, because as soon as you begin injecting incorrect information, the users will only address that data from trusted sources, the underground.
They're going to do that anyway though- but those are the folks you *really* want to guard against and take action against, not the ones who think that finding marks on a wall is an indication of their 'leet hax0r skillz. Poor protocol choices are poor protocol choices, if it's FTP, WEP or deciding that marks on a wall are indicative of permission to use a network. We quickly get into murkier gray areas where an employee without authorization decides it can't hurt to invite anyone in sight of the building onto the network. Let's say I work at a retail company, and I decide that all my high school buddies should be able to surf the 'Net through that company's wireless network, and what the heck- I just got this 'leet chalking card... So I post the SSID and WEP key that my cash register[1] is using on the outside of the building. Now, someone sees it and uses the network to download MP3s of copyrighted materials. Let's say that someone else uses it to probe corporate HQ over my WAN, and a third person decides to attack a Web site. Now, does RIAA, go after the guy who exercised "free speech" on the side of the building, the company, the end-user, or some combination of the above? Does the company go after the employee (and for what?) How would the retailer protect itself? How would it distinguish folks "just using the advertised network" from those who were "malicious?" What about the bad press? Is the bad guy probing corporate safe from prosecution because of the implied invitation? Once again, we're already stuck with crappy insecure protocols on the transport side. I'm not a big fan of coupling them with crappy protocols on the usage side. Paul [1] Those who'd decide that such things shouldn't be connected to the Internet would also decide that nobody'd put in-the-clear 802.11 traffic in a retail POS environment[2]. [2] Sorry, it's just such a good example that I couldn't resist. ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Anti-Warchalking attack? Paul Robertson (Sep 03)
- PIX VPN Question Richard Worwood (Sep 03)
- Re: Anti-Warchalking attack? Marcus J. Ranum (Sep 03)
- Re: Anti-Warchalking attack? Darren Reed (Sep 03)
- Re: Anti-Warchalking attack? H. Morrow Long (Sep 03)
- Re: Anti-Warchalking attack? Paul D. Robertson (Sep 03)
- <Possible follow-ups>
- RE: Anti-Warchalking attack? Behm, Jeffrey L. (Sep 04)
- RE: Anti-Warchalking attack? Scott, Richard (Sep 04)
- RE: Anti-Warchalking attack? Paul D. Robertson (Sep 04)
- Re: Anti-Warchalking attack? John McDermott (Sep 04)
- RE: Anti-Warchalking attack? Paul D. Robertson (Sep 04)