January 21st, 2005, 04:02 AM
Using "Hot Spots" for Malicious Activity
I was driving home from work one night and actually pondering the ease of using wireless "hot spots" for malicious purposes, and I was wondering: could it really be that easy to use hot spots for malicious activity, all the while masking your identity just as easily? Never mind proxy servers, IP masking, backdoors and tapping into zombie computers... this just seems... well, too easy for anyone with enough smarts to realize it.
Let me elaborate. (correct me if I'm wrong too, I always welcome constructive criticism)
I'll use the Linksys DI-784 for my sample because that's the one I'm using, as well as my neighbor. Now, out of the box defaults:
DHCP IP range: 192.168.0.100 - 192.168.0.199
MAC Filtering: OFF
WEP/WPA: Disabled (it defaults to Open System)
(I'm not going to get into default channels and SSID broadcasts as I'm trying to keep this as simple as possible to explain).
This is the current state of my neighbor's wireless Linksys (the default setup). I know this because when I asked him if he secured it, he looked at me like I had 3 heads and kindly replied, "No, I just plugged it in, used the wizard and started using the internet". Not only that, but anytime I reset my Linksys (it restarts when you make changes to the router config and you temporarily lose the connection), my laptop found his network and connected to it. I did inform him as to the dangers of not securing it, and notified him that I've connected to his network before (not on purpose), and it was almost as if he was insulted, like I was calling him an idiot to his face. And I know what you're thinking right now: "Why don't you just turn off the damn 'Automatically connect to Non-Preferred Networks' option?" Trust me, I did.
Now, here's my hypothetical situation:
Let's say I have a laptop with wireless capabilities. Let's say I go and find myself a nice little MAC spoofing program. Let's say I go drive around and find a nice little "hot spot" like my neighbor's non-secured Linksys. I go ahead and spoof my MAC, connect to his network and start doing all kinds of malicious things. From what I know of my Linksys, the only information it logs for wireless connections is the time/date/MAC address and some other trivial information. So, let's think about this for a second.
I can use his network to do what I need to do, spoof my MAC so even with the router logs, it's of no help in finding me. Add to that, that all traceroutes would lead back to the Linksys and even if we scoured the Linksys routing table, we'd wind up finding a spoofed MAC attached to 192.168.0.x.
Now, here's my question: Can it seriously be that easy to use a non-secured wireless network for malicious purposes? With the simple use of a laptop with wireless capabilities and a MAC spoofing program and a little free time? Please say it ain't so.
The object of war is not to die for your country but to make the other bastard die for his - George Patton
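
For the owner of a router left on the defaults listed in the post, this added example (not part of the original post) reviews lease records for clients outside a known-device inventory. The log line format, the inventory and the sample MAC addresses are constructed assumptions; only the DHCP pool comes from the post.

```python
import ipaddress
import re

# DHCP pool quoted in the post (router default).
POOL_START = ipaddress.ip_address("192.168.0.100")
POOL_END = ipaddress.ip_address("192.168.0.199")

# Constructed inventory of the owner's own devices (assumption).
KNOWN_MACS = {"00:11:22:33:44:55", "00:11:22:aa:bb:cc"}

# Constructed log lines; real router log formats differ.
SAMPLE_LOG = """\
2005-01-20 18:02:11 DHCP lease 192.168.0.100 to 00:11:22:33:44:55
2005-01-20 23:47:09 DHCP lease 192.168.0.101 to 02:1A:C4:7E:90:0F
2005-01-21 00:15:42 DHCP lease 192.168.0.102 to 00:11:22:AA:BB:CC
2005-01-21 01:30:05 DHCP lease 192.168.0.103 to 00:0D:3A:5B:6C:7D
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) DHCP lease (?P<ip>\S+) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})$"
)

def locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, meaning the
    address was assigned in software rather than by a hardware vendor."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def unknown_clients(log_text, known=KNOWN_MACS):
    """Return one finding per lease handed to a MAC outside the inventory."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not lease records
        mac = m["mac"].lower()
        if mac in known:
            continue  # note: a cloned inventory MAC would pass this check
        ip = ipaddress.ip_address(m["ip"])
        findings.append({
            "time": m["ts"], "ip": str(ip), "mac": mac,
            "in_default_pool": POOL_START <= ip <= POOL_END,
            "locally_administered": locally_administered(mac),
        })
    return findings

if __name__ == "__main__":
    for finding in unknown_clients(SAMPLE_LOG):
        print(finding)
```

A finding shows that an unrecognised client obtained a lease and when, not who operated it, which is why the encryption and MAC filtering settings listed in the post matter more than the log.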