funsec mailing list archives
Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests
From: der Mouse <mouse () rodents-montreal org>
Date: Wed, 30 Jul 2008 23:21:43 -0400 (EDT)
If the hotel charges for internet access (and many do) it's actually fairly trivial to match activity logs to room registration.
Depends on how thoroughly it's done. I recently stayed at a place that had "open WiFi" which was actually some weird pay-to-use system. But I noticed DNS worked. (Well, mostly; they broke TCP fallback. I don't know whether because they didn't know the DNS used TCP or didn't care; I suspect they didn't know but wouldn't've cared if they had known.) I took a wild guess that they had simply opened UDP port 53, set up an IP-in-UDP tunnel on port 53, and bing! instant connectivity back home. I don't see any way they could link that to our registration, unless possibly we were the only guests registration overlapping with all of the periods during which I tunneled traffic (and even then, showing it wasn't someone wardriving would have been hard). (Or, perhaps, unless one of the relevant people reads funsec... :) Of course, this would have been fairly easy to defeat, if they had wanted to (which of course would have required thinking of it; as perhaps you can tell, my opinion of the technical ability of the people who set it up is not high). Wired connectivity, of course, is another story entirely. (Normally, I don't like kludging around security like that. But the motel owner seemed somewhat ambivalent about the system, which was outsourced; when we spoke with them they outright recommended toddling up the street to a pastry/cafe place which actually _did_ have open wireless - which, btw, was the place from which I connected back home to set up the port-53 tunnel.) /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML mouse () rodents-montreal org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Richard M. Smith (Jul 29)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Jim Murray (Jul 30)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Tomas L. Byrnes (Jul 30)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Richard M. Smith (Jul 30)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests der Mouse (Jul 30)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Tomas L. Byrnes (Jul 30)
- Re: Sen. Brownback Spotlights Chinese Order to Spy on Olympic Hotel Guests Jim Murray (Jul 30)