Firewall Wizards mailing list archives
Anti-Warchalking attack?
From: Paul Robertson <proberts () patriot net>
Date: Tue, 3 Sep 2002 14:14:32 -0400 (EDT)
Ok, So, I got to thinking and got some off-list mail that made me think of a couple of interesting things. An interesting anti-warchalking attack could be to put false chalks with invalid SSIDs and WEP keys around the building(s). I took the thought one step further- you could announce a honeypot in your chalking and start gathering MACs and even do some interesting direction finding stuff and recon patterns against would-be attackers/abusers/users. While I wouldn't go banning all the MACs that connected, I'm pretty sure I'd alert based on a MAC I'd seen on the chalked WLAN that didn't match a "known" good one. Might be an interesting way to get a WAP and a couple of servers into the budget if your organization is going to do wireless networking. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Anti-Warchalking attack? Paul Robertson (Sep 03)
- PIX VPN Question Richard Worwood (Sep 03)
- Re: Anti-Warchalking attack? Marcus J. Ranum (Sep 03)
- Re: Anti-Warchalking attack? Darren Reed (Sep 03)
- Re: Anti-Warchalking attack? H. Morrow Long (Sep 03)
- Re: Anti-Warchalking attack? Paul D. Robertson (Sep 03)
- <Possible follow-ups>
- RE: Anti-Warchalking attack? Behm, Jeffrey L. (Sep 04)
- RE: Anti-Warchalking attack? Scott, Richard (Sep 04)
- RE: Anti-Warchalking attack? Paul D. Robertson (Sep 04)
- Re: Anti-Warchalking attack? John McDermott (Sep 04)
- RE: Anti-Warchalking attack? Paul D. Robertson (Sep 04)