PaulDotCom mailing list archives
Honeypot techniques for use in rogue APs.
From: cmerkel at gmail.com (Chris Merkel)
Date: Tue, 25 Aug 2009 08:45:46 -0500
The recent discussions on honeypots got me thinking - has anyone modified a wireless AP in a way to make it look like another device? A multi-function printer perhaps? (If the answer is "It's in Paul's book" - I will go out and purchase it right away ;-) What if: You could leave telnet open to allow logons to actually manage the AP (you would have to pick a print server that requires a logon, so it would look legit), from there, you would need to modify OpenWRT to run: FTP/21 - allow anonymous logons, set up the folder structure, change the banner HTTP/80 - Mirror the status pages from a typical print server TCP/515 - lpd TCP/631 - ipp TCP/9100 - lpd / jetdirect You would also need to change the MAC address to the vendor ID of the device you're emulating. If you wanted to get really crafty, you could figure out a way to forward packets sent to 515,631 and 9100 to forward to an actual network printer on the same subnet. Let's say you did all of those things - think you'd be able to fool nmap's service fingerprinting? What if you found a match between a printer and AP, so that they're running a similar embedded linux kernel - that would fool nmap's TCP fingerprinting, right? I don't have a WAP readily available, nor the time in the next few months to hack something together, but if anyone else is headed down this road, I'd be interested to know. -- - Chris Merkel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090825/1d4c1f34/attachment.htm
Current thread:
- Honeypot techniques for use in rogue APs. Chris Merkel (Aug 25)
- Honeypot techniques for use in rogue APs. bytes abit (Aug 25)
- Honeypot techniques for use in rogue APs. Nathan Sweaney (Aug 25)
- Honeypot techniques for use in rogue APs. bytes abit (Aug 26)
- Honeypot techniques for use in rogue APs. Nathan Sweaney (Aug 25)
- Honeypot techniques for use in rogue APs. bytes abit (Aug 25)