Using "Hot Spots" for Malicious Activity
Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Using "Hot Spots" for Malicious Activity

  1. #1
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718

    Using "Hot Spots" for Malicious Activity

    I was driving home from work one night and actually pondering the ease of using wireless "hot spots" for malicious purposes and I was wondering, could it really be that easy to use hot spots for malicious activity all the while masking your identity just as easily? Nevermind proxy servers, IP masking, backdoors and tapping into zombie computers....this just seems...well, too easy for anyone with enough smarts to realize it.

    Let me elaborate. (correct me if I'm wrong too, I always welcome constructive criticism)

    I'll use the Linksys DI-784 for my sample because that's the one I'm using, as well as my neighbor. Now, out of the box defaults:
    DHCP IP range: 192.168.0.100 - 192.168.0.199
    MAC Filtering: OFF
    WEP/WPA: Disabled (it defaults to Open System)
    (I'm not going to get into default channels and SSID broadcasts as I'm trying to keep this as simple as possible to explain).

    This is the current state of my neighbor's wireless Linksys (the default setup). I know this because when I asked him if he secured it, he looked at me like I had 3 heads and kindly replied "No, I just plugged it in, used the wizard and starting using the internet". Not only that, but anytime I reset my Linksys (it restarts when you make changes to the router config and you temporarily loose the connection), my laptop found his network and connected to it. I did inform him as to the dangers of not securing it, and notified him that I've connected to his network before (not on purpose) and it was almost as if he was insulted, like I was calling him an idiot to his face. And I know what you're thinking right now, "why don't you just turn off the damn "Automatically connect to Non-Preferred Networks" option." Trust me, I did.

    Now, here's my hypothetical situation:
    Let's say I have a laptop with wireless capabilities. Let's say I go and find myself a a nice little MAC spoofing program. Let's say I go drive around and find a nice little "hot spot" like my neighbor's non-secured Linksys. I go ahead and spoof my MAC, connect to his network and start doing all kinds of malicious things. From what I know of my Linksys, the only information it logs for wireless connections is the time/date/MAC address and some other trivial information. So, let's think about this for a second.
    I can use his network to do what I need to do, spoof my MAC so even with the router logs, it's of no help in finding me. Add to that, that all traceroutes would lead back to the Linksys and even if we scoured the Linksys routing table, we'd wind up finding a spoofed MAC attached to 192.168.0.x.

    Now, here's my question: Can it seriously be that easy to use a non-secured wireless network for malicious purposes? With the simple use of a laptop with wireless capabilities and a MAC spoofing program and a little free time? please say it ain't so.
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  2. #2
    Senior Member
    Join Date
    Mar 2003
    Posts
    135

    Re: Using "Hot Spots" for Malicious Activity

    Originally posted here by ShagDevil

    Now, here's my question: Can it seriously be that easy to use a non-secured wireless network for malicious purposes? With the simple use of a laptop with wireless capabilities and a MAC spoofing program and a little free time? please say it ain't so.
    Yes.

    And the nicest part? It's as easy as
    Code:
    ifconfig wlan0 hw ether macaddress
    if you're running linux with the wireless tools.

    Sleep well...

  3. #3
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    lmao keysersoze "sleep well" and ShagDevil thats just life i guess. Thinkj about it though, the same people who dont know enough to call their computer anything but a "modem" and the people who do not know what word and excel are for are now setting up wireless networks.

    The issue is technology gets easier to use but it can only be so secure for somethin that easy. If i invent soemthin as easy to setup as the new routers that automaticlyl sets up an ACL, Encyption, etc then I WOULD BE ONE RICH MAN!!!

  4. #4
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    ShagDevil, you've already answered your own question. This is one of the reasons why the 'free hotspot' craze that was first imagined and trumpeted didn't really take off. Many businesses were concerned about the liability of being used as the launch point for Slammer 2.0, or for the cracking of some porn site and the theft of several thousand credit card numbers. With solutions such as the T-Mobile paid hotspot, they have some sort of tracking and authentication. With the freebie ones, they don't really have any control. Yes, one can say "user beware" and "we can not be held responsible for the use of this service"...but those are just phrases you read on signs. When the company is hauled into a district courtroom on a negligence case, their idea of a 'free hotspot to generate more business' won't seem nearly as appealing.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  5. #5
    Some Assembly Required ShagDevil's Avatar
    Join Date
    Nov 2002
    Location
    New Jersey
    Posts
    718
    Sleep well...
    Oh I will, trust me. Here's my recipie for a good night's rest if you own a wireless network:
    1 part MAC filtering
    1 part WPA-PSK or WPA
    1 part limited IP ranges
    1 part disabling SSID (optional)
    6 beers
    4 donuts (preferably Boston Creme)
    stir ingredients together, bake at 450. enjoy

    In any event then, this begs the question: Should wireless routers come more secure out of the box? What about making it mandatory in the Setup Wizard to at least enable MAC filtering? Maybe some documentation on how to discover what your MAC address is and how to add it to the router's filter? Maybe a little addition to the Setup Wizard that asks how many computers will be connected to the router and then establishing an IP range based on the user's answer (instead of the default range the Linksys hands out)?
    Or are we to go with the other school of thought: screw the user if they won't take the time to learn about securing their wireless router and let the rest of us who do care have to deal with the consequences?
    The object of war is not to die for your country but to make the other bastard die for his - George Patton

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,178
    Zencoder..................interesting point:

    When the company is hauled into a district courtroom on a negligence case, their idea of a 'free hotspot to generate more business' won't seem nearly as appealing
    I only have to go to my local railway station to get a (legitimate) free wireless "hot spot". Over here the legal view would be that you can supply a telephone, and it does not make you responsible for someone using it for drug dealing, terrorism, blackmail, ransom demands etc...............it is the same with wireless and the net?..............the technology is not bad...............only some of the users?

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Dead Man Walking
    Join Date
    Jan 2003
    Posts
    810
    Ive got to go with nihil on this one. It would be like someone trying to hold lynksys responsable for a hack because thier product was used. Or its jack daniels fault someone got drunk and drove.

    But on the other side of the coin we are talking about 2 completely different things. There is a world of difference between a company providing a free service to the public like nihil's example and a private individual setting up wireless for his home. Legaly he may not be responsable but moraly he should be. Any one with a wireless network should do everything reasonable to prevent it from being missused.

    Now im not very familiar with wireless networking so I have a question along a similar line. Is there an application of some sort that will alert computers on a network when another computer joins? I know it would probably have to be built into the firmware. If it doesnt exsist it wouldnt be a bad idea. Then also a way to dissconnect a connection. For example Joe Blow is sitting at home surfing the net. He knows his wife is in the bedroom on her laptop talking to her boyfriend in another state. Nobody else is home. All of the sudden an alert pops up on his screen saying a 3rd computer has connected to the network. After about 30 seconds of checking to make sure its not another legitamite user Joe has the option to push a button and basicaly say "not on my watch, buddy".

    Now I know there are going to be any number of posts as to why that wouldnt work. People arent on their computers 24/7. True but it would make a signifigant decrease in the amount of unauthorized use. Or how would you keep the hacker from recieving the same message and severing everyone elses connection to that network. Easy, Have the message sent to one specific IP address and set a box on the network to a static IP.

  8. #8
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    As others have said, it really is very easy to get onto an unsecured WAP.

    Most WAPs don't have the logs enabled by default... so in many cases, it will log nothing.
    If there are logs, (and they are not logging to a syslogd server) then it'll be overwritten pretty quickly. The buffer and memory size for logfiles in those SOHO routers are not much. Easy enough to flood any of your activity out of the files.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  9. #9
    AO Senior Cow-beller
    Moderator
    zencoder's Avatar
    Join Date
    Dec 2004
    Location
    Mountain standard tribe.
    Posts
    1,177
    Originally posted here by nihil
    I only have to go to my local railway station to get a (legitimate) free wireless "hot spot". Over here the legal view would be that you can supply a telephone, and it does not make you responsible for someone using it for drug dealing, terrorism, blackmail, ransom demands etc...............it is the same with wireless and the net?..............the technology is not bad...............only some of the users?
    I agree completely, if you are offering it for free, you're doing a service! But the state of legal practice in the US is pitiable at best. Our court system heard (and ruled on) a civil case where an elderly woman bought a cup of coffee from a McDonalds drive-thru, took the lid off to drink it (while still in her car), spilled it in her lap and received some serious burns due to the temperature of the drink. McDonalds stated they serve coffee very hot so it will be an acceptably warm temperature when the customer arrives at their location and can consume the drink. She sued...and won, I believe. It say's on the menu HOT COFFEE but the court ruled in her favor.

    It is just that sort of thing that keeps businesses wary of these sorts of practices. I agree, if they offer the service as a benefit to the community with the self-serving goal of attracting more business (which I believe is completely acceptable. Thats just good business.) you shouldn't be held accountable. But then this lady sues McDonalds and our mom-and-pop owned book store that wants to give free WiFi-broadband reconsiders, thinking that if something happened, they could get sued and lose everything they own.
    "Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
    Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
    "...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore

  10. #10
    Member
    Join Date
    Oct 2002
    Posts
    81
    On the flipside of the coin, i pondered some people setting up hot spots to further there malicious activities. For instance, lets say your neighbor really did know what he was doing, and just played dumb. You connect to the access point, on accident, or on purpose because your just looking for free bandwith and you never know what setup he has on his end. You assume that its just a router or AP, but it's really routed through another computer with ethereal and he's picking up all your dropped packets. He could also have some kind of script running where he could try to copy your network shares. I'm not sure about the feasibility of all this, as i haven't seriously tried to think and develop a system around it. but anyone with enough time and a good location could do some serious datamineing with something as simple as a public hotspot. I would think twice about it, but would alot of other people? And also with Windows XP, its such a nobrainer that you could get connected to it without even thinking. I had someone in my office, that would always connect to an AP 2 floors above our office and they didn't even know it until they couldn't access our network shares. I kind of wonder how many Trojan Public Hotspots there could actually be out there.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides