WiFi Honeypots sprouting – “honeyspots”?
SecurityFocus Online reports on a system built by government contractor
SAIC that sets up a wireless honeypot in order to research and track the
hacking methods used in the wild to break into 802.11b networks.
The network has five Cisco access points, a handful of deliberately
vulnerable computers as bait, and two omnidirectional high-gain antennas
for added range. On the back-end, a logging host gathers detailed
connection data from the access points, while a passive 802.11b sniffer
with a customized intrusion detection system monitors activity in the
wireless neighborhood.
The project hasn’t reported significant intrusion attempts in the 6
weeks it has been in operation. However, it is generating enthusiasm in
the honeypot community, and may spawn similar projects in other cities.
It’s a cool idea, and getting real-world data on black-hat attempts to
hack into wireless nets is very important, especially as WiFi use
continues to come in the back door of corporate networks. Good
intrusion detection tools that use the data gained in these honeypot
situations will increase overall wireless LAN security, and projects
like this will serve to further inform the world on the security
aspects of wireless networks.
However, this also further exposes a nest of legal questions. For
example, as Russ Nelson asks on the BAWUG mailing list, “So if I park within
range and open up my Win/XP laptop and it DHCPs an address with no
intervention on my part, am I guilty of a crime?” In other words, how
does one judge intent?
This is not a simple matter to brush off. Randall Schwartz was convicted
for intrusion, even though he was actually trying to fix a security
problem, and a recent report says that a computer security expert living
in Houston, TX was indicted on two counts of fraud because he
demonstrated to a county official and a newspaper reporter how easy it
was to gain access to the court’s system using only a laptop computer
and a wireless LAN card.
One final question: As these honeypot hotspots proliferate, will we call them “Honeyspots”?

Very, very cool. I’ve always been intrigued by honeypot networks; the logical extension is honeyspots, and it’ll be neat to see what comes from them — new hacker tools, new detection tools, and better security for the wireless medium, one would hope.