h a l f b a k e r yPoof of concept
add, search, annotate, link, view, overview, recent, by name, random
news, help, about, links, report a problem
browse anonymously,
or get an account
and write.
register,
|
|
|
Please log in.
Before you can vote, you need to register.
Please log in or create an account.
|
Some folks troll around for free wireless networks they can use. [Braubeaton] recently demonstrated my ignance as regards wireless technology, but my understanding is that the computer detects the signal and whether or not there is a password required, and away you go.
I propose that exactly this
same signal be sent out, but instead of hooking into the internet, the user will hook into a system that appears to be the internet, but actually is a self-contained system designed to mimic the internet but connect the user to various areas in response to commands, deliver confusing feedback, and generally be useless. Examples: the user types in Yahoo.com and is connected to web pages celebrating Australian superstar Yahoo Serious. Attempts to shop on line at Amazon always culminate in a shopping cart with one book on marmots. Many, many, many popups would occur, or actually popup since it would be the same marmot related popup over and over. You get the idea. Note that although these are web pages, the user would not actually be on the internet - just a simulacrum.
The hilarity could be documented with hidden camera by persons desperate for reality TV material. Or the wireless emitter and fake internet could be portable, and set down near Starbucks and other wireless sites in hopes of luring away some folks to the fake network.
Black Alchemy's Fake Access Points
http://www.blackalc....to/project/fakeap/ A proof of concept released under GPL [jutta, Nov 24 2004]
honeyd - honeypot demon and -environment
http://www.honeyd.org/ Not limited to wireless, but a good platform to get started and take care of the low-level stuff with. Their configuration examples include one for a fake wireless access point. [jutta, Nov 24 2004]
Wireless Honeypot in DC area
http://www.securityfocus.com/news/552 Hacker-turned-journalist Kevin Poulsen on WISE, an government contractor experiment intended to study hacking of wireless networks. [jutta, Nov 24 2004]
[link]
|
|
You can call the fake environment the "Innernet" so as to maximize confusion. Cute Amazon example :) |
|
|
The technical term for this would be a "wireless honeypot." A "honeypot" is a general term for a network or machine set up to attract intruders and present them with a fake target. |
|
|
Amusingly, this is used by both sides - by spooks to lure unsuspecting hackers into revealing their tools and methods, and by hackers to lure unsuspecting owners of 802.11-aware tools into revealing their passwords and keys. |
|
|
Nobody's turned it into a reality television series yet, though. |
|
|
Other uses could involve gatewaying all searches through a thin proxy that magically adds your company as the first match for just about any query, or that adds your reseller ID to any URL to, say, amazon. I'm not even sure whether that would be completely illegal. |
|
|
Baked or not, this is a genius idea, probably because of the surreal marmot links. |
|
|
Many access points, such as T-Mobile at Starbuck's, will route you to a particular "startup page", regardless of your selected web address. If you have a system like that, all you need to do is simulate the entire Internet, and you're done. |
|
|
//my understanding is that the computer detects the signal and whether or not there is a password required// |
|
|
Some programs are more sophisticated, and can filter out "password encrypted" WAPs. I'd also like an option to detect Fake Wireless sites. |
|
|
Oh, the projects going real good. It'd taking forever though.... |
|
|
"You haven't won a prize! Click here to see what you're not missing!" |
|
|
"Warning: your computer may be infected with spyware! Click here to download a random piece of software that for all you know may be a keystroke reader." |
|
|
actually this was done at the last defcon convention in
vegas where a serruptitious network was set up using a
method that replaced incoming .jpg images on all web
pages with goatse. rather fun watching peoples
embarasment and how fast they covered their screens. |
|
|
what's wrong with goats ? |
|
|
Is there a way make sure your wireless connection is actually to the real internet? |
|
|
I do not think there would be any way to detect the "thin proxy" described by [jutta], above. Otherwise, overabundant marmots might be a giveaway. |
|
|
I propose calling this technique "Apdriving". Unlike Wardriving where you are looking for an access point, in Apdriving you provide one. |
|
|
what's wrong with goats ?
neilp, Dec 20 2004 |
|
|
Type goatse into the wikipedia and you
will find out.... over 18 please. |
|
|
*Sniiifff!...* Ahh! I can smell the evil halfbaking. |
|
| |