IDS mailing list archives
Re: Is this for real?
From: "Matt D. Harris" <mdh () solitox net>
Date: Tue, 10 Apr 2007 10:52:58 -0400
Stefano Zanero wrote:
Firstly, it's a totally dumb system for INTRUDERS. At most it will work against your careless neighbor or run-of-the-mill wardriver.
Yeah, this seems a bit silly. It seems far more likely to be genuinely effective against the coffee shop mistake scenario than an actual break-in attempt.
Secondly, it is probably illegal to do anything like that. Intercepting communications of someone else, getting his passwords and his email, in Italy would lead to prosecution under at least 3-4 different titles of our penal code. IN PARTICULAR if you do it routinely against people who mean you no harm (e.g. I sit down in a Starbucks, and pick up YOUR wireless LAN instead of the shop's one... and you log all of my accounts ?!)
I don't believe there would be any criminal liability - you've gotta be permitted to monitor communications in your own home, otherwise parents wouldn't be able to use software that monitors their childrens' PCs. Plenty of folks have run wireless honeypots that passively monitor attempts by unauthorized users to gain access to, and subsequently utilize an 802.11 network. If you actually took the information and used it, that'd change things, but the act of passively monitoring your own private network doesn't seem like it'd be illegal, though I'm no lawyer.
All in all, I think that this is almost as bad as "strike back technology", and has almost the same stink of snake oil to it.
Legality aside, this product doesn't seem likely to provide much useful information about a genuinely hostile intruder. If you consider what informaiton it *is* likely to provide, it starts to feel like it might just be a bit on the unethical side anyways. If you're considering this product as a genuine defensive tool, I'm inclined to say you're better off to just use strong encryption and authentication on your wireless network.
Stefano
- mdh -- /* * Matt D. Harris <mdh () solitox net> * Solitox Networks - Lead Project Engineer * [http://mdh.name/] */ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------
Current thread:
- Is this for real? phil . johnson (Apr 02)
- Re: Is this for real? Matt D. Harris (Apr 04)
- <Possible follow-ups>
- Re: Re: Is this for real? phil . johnson (Apr 09)
- Re: Is this for real? Stefano Zanero (Apr 09)
- RE: Is this for real? Adam Graham (Apr 10)
- RE: Is this for real? Michael Bednar (Apr 11)
- Re: Is this for real? Jamie Riden (Apr 11)
- Message not available
- Re: Is this for real? Guilherme M. O. (Apr 11)
- Re: Is this for real? Stefano Zanero (Apr 09)
- Re: Is this for real? Matt D. Harris (Apr 11)