Beware The Honeypot

Many, many years ago, when the USA was first settled, nobody worried about the neighbours. Anybody living in the wilderness was happy to see another human being - and if you went out to work in the fields during the day, you'd leave the front door latched (don't want the pigs or chickens wandering through the house), but nobody locked anything. If you had a front porch, you'd have an easy chair or two, and a bucket of water there for your guests. Anybody wandering by was free to "set a spell and have a drink".

When WiFi was first developed, nobody cared about freeloading. If you had a WiFi AP, you connected it to your Internet service, and left it open. Anybody wandering by was welcome to "set a spell, and borrow the connection". Then freeloading got serious - people like Walter Nowakowski, in Toronto, became common.

People would protect themselves, and WEP was developed. And people learned to crack WEP.

Some of the more ingenious WiFi owners became devious.

If I have a WiFi AP that's protected, and my neighbour has an AP not protected, any wardrivers will be using my neighbour's, right? Nobody is going to go after a protected AP, when there's an unprotected one nearby?

and continued with
OK, if a wardriver sees 2 APs, he can't tell that's not two different people. I'll set up an unprotected AP, and wardrivers can use that.

Kind of like the front porch with the chairs and water bucket.
Yet there was more.
Why should I let folks use my connection, to download kiddie porn? The FBI will notify my ISP, and I'll lose my service. OK, disconnect the Internet from the open AP.

and the open AP became a Honey Pot. You can connect, but you aren't going anywhere.

Some WiFi security experts even laugh about the wannabe wardrivers. Maybe even keep logs by MAC address. The ones who really have idle time to kill might even use NetStumbler or similar software to seek out, by triangulating, the hapless wardriver, maybe take his picture or taunt him otherwise.

The really nasty ones might attach a computer, with a spoofing DNS server, and let you think (initially) that you're connecting to "www.google.com". Then they will try to serve you the hack of the week, from their computer. An old 486 lying around would be perfect for this task. Who cares if it takes 5 minutes to respond? That wardriver isn't going anywhere. Who cares if he gives up?

So, if you are using WiFi, and you're attached to an easy and seemingly available AP that you don't know about, use common sense.
  • Use PingPlotter or a similar tool to make sure that it actually connects somewhere.
  • And, for heaven's sake, protect your computer!
  • And learn the difference between seeing
    Connected to XXXXXXX - Signal quality xxxxx.
    and actually having a connection, to the legitimate Internet.
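
A first-pass check for the spoofing DNS server described above, as an added example that is not part of the original post: it resolves several unrelated names and flags answers that a legitimate Internet path would not give. The probe names, the function names and the addresses used in testing are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Assumed probe list: unrelated, well-known names (substitute your own).
PROBE_NAMES = ("www.google.com", "www.wikipedia.org", "www.example.com")


def system_resolver(name):
    """Return the set of IPv4 addresses the OS resolver gives for name."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def assess_dns(names=PROBE_NAMES, resolver=system_resolver):
    """Classify the DNS answers seen through the current AP.

    Returns (verdict, reasons); verdict is "no-internet", "suspicious"
    or "plausible". A "plausible" verdict is not proof of a clean path.
    """
    answers = {name: resolver(name) for name in names}
    if not any(answers.values()):
        # Associated with the AP, but nothing resolves: the dead-end case.
        return "no-internet", ["no probe name resolved"]
    reasons = []
    for name, addrs in answers.items():
        for addr in sorted(addrs):
            # Public sites should not resolve to private or reserved space.
            if not ipaddress.ip_address(addr).is_global:
                reasons.append(f"{name} -> {addr} (non-public address)")
    resolved = [addrs for addrs in answers.values() if addrs]
    if len(resolved) > 1 and all(r == resolved[0] for r in resolved):
        # One box answering for everything, as a spoofing DNS server would.
        reasons.append("unrelated names all resolve to the same address")
    return ("suspicious" if reasons else "plausible"), reasons


if __name__ == "__main__":
    verdict, why = assess_dns()
    print(verdict)
    for line in why:
        print("  " + line)
```

A hotspot login portal can trigger the same "suspicious" verdict, and a resolver that spoofs only selected names will pass this check, so treat the result as one signal alongside the other steps in the list.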

Think.
