funsec mailing list archives

Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests

From: der Mouse <mouse () rodents-montreal org>
Date: Wed, 30 Jul 2008 23:21:43 -0400 (EDT)

If the hotel charges for internet access (and many do) it's actually
fairly trivial to match activity logs to room registration.


Depends on how thoroughly it's done.

I recently stayed at a place that had "open WiFi" which was actually
some weird pay-to-use system.  But I noticed DNS worked.  (Well,
mostly; they broke TCP fallback.  I don't know whether because they
didn't know the DNS used TCP or didn't care; I suspect they didn't know
but wouldn't've cared if they had known.)  I took a wild guess that
they had simply opened UDP port 53, set up an IP-in-UDP tunnel on port
53, and bing! instant connectivity back home.

I don't see any way they could link that to our registration, unless
possibly we were the only guests registration overlapping with all of
the periods during which I tunneled traffic (and even then, showing it
wasn't someone wardriving would have been hard).  (Or, perhaps, unless
one of the relevant people reads funsec... :)

Of course, this would have been fairly easy to defeat, if they had
wanted to (which of course would have required thinking of it; as
perhaps you can tell, my opinion of the technical ability of the people
who set it up is not high).

Wired connectivity, of course, is another story entirely.

(Normally, I don't like kludging around security like that.  But the
motel owner seemed somewhat ambivalent about the system, which was
outsourced; when we spoke with them they outright recommended toddling
up the street to a pastry/cafe place which actually _did_ have open
wireless - which, btw, was the place from which I connected back home
to set up the port-53 tunnel.)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Richard M. Smith (Jul 29)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Jim Murray (Jul 30)
  - Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Tomas L. Byrnes (Jul 30)
    - Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Richard M. Smith (Jul 30)
  - Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests der Mouse (Jul 30)
    - Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests coderman (Aug 01)