Honeypots mailing list archives
Re: Wireless honeypots
From: "Talisker" <offthecuff () lineone net>
Date: Mon, 27 Jan 2003 20:26:19 -0000
Hi Matt

I think it depends on what you wish to achieve, tracking the activities of the wardriver or apprehending them. If it's the former then just stick ethereal on the input, but this will be discovered with trivial ease. Once inside the network is there much more to be learned from a wardriver that you cannot learn from an Internet based Honeypot?

That brings us to apprehending them, the joy of wardriving is the anonymity of it all, it is difficult to physically locate the intruder. I've been thinking about this for a while, even looking at the possibility of three access points and triangulating the location of the wardriver. I suspect the carrot of free Internet access would be a better draw than seemingly interesting data.

<humor>
Don't do this near a train line, I have a friend who has been wardriving (passively) on a main line route. At 125MPH with a high gain antenna you only have enough time to get issued an IP address before you leave the footprint of the AP. He can't be the only one, anyone running a honeypot will see loads of wardrivers for a few seconds each time. Triangulation would be a nightmare!!
</humor>

I have also been playing with a high (+17dB) gain directional parabolic dish, with the thought of homing in on a rogue AP or wardriver. Another alternative is wardriving yourself with a GPS attached and feeding the output into MapPoint through StumbVerter. Both these methods are active and the attacker will see the variance in your signal as you travel around.

thoughts?

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk

----- Original Message -----
From: "Matt Harris" <mdh () unix si edu>
To: <honeypots () securityfocus com>
Sent: Monday, January 27, 2003 7:06 PM
Subject: Wireless honeypots

Has anyone ever theorized the possibility of a wireless honeypot - that is, a wireless ethernet with a wide-open access point (or a somewhat more secured one if you want more interesting data...) with maybe one or two honeypot hosts behind it (not connected to the internet, so no worry of problems with being used as a launchpoint for attacks)?

Sounds like a possibly fun idea - I'm thinking about doing this in various geographic areas (my workplace in downtown DC, my home in Bowie MD, etc) in order to gather statistical data about who/where is sniffing/searching for open wireless ethernet access. If anyone else finds this idea interesting let me know, maybe we could correlate efforts, etc.

--
/*
 *
 * Matt Harris - Senior UNIX Systems Engineer
 * Smithsonian Institution, OCIO
 *
 */