Comments on: OWI: Yet Another Anonymous Point of Attack?

By: TP

TP — Tue, 29 Jul 2008 18:57:15 +0000

Why should anonymously be a bad thing? It’s a bit the standard argument if you have nothing to hide you should not fear the new anti-privacy laws and procedures.

Their can be many reasons to be anonymous with out being hacking, cracker or terrorist.

By: LonerVamp

LonerVamp — Tue, 08 Jul 2008 16:29:47 +0000

I’m not sure I see much difference from any other wireless hotspot. I don’t think I’ve ever used one that would have been able to find me had I been nearby and doing something naughty. And even if I felt like someone may be watching, I can just up and move. And I have yet to see or even hear of any wireless/hotspot implementation that has resident geeks or IT at hand enough to do anything about whatever I do.

I don’t see this as much different from how things were in 2003, but I admit as access becomes more ubiquitous and free, the capability to track malicious activity to a physical person becomes a more apparent challenge.

By: marchiner

marchiner — Sat, 05 Jul 2008 09:15:25 +0000

Hi Adrian,

sorry for calling yoy… “pdp”.. credits for “pagvac”.”Pdp” itÂ´s a nice guy, but no credits for him now! I just sow the mistake minutes after posting…

But so…

LetÂ´s came back to the topic…

“Iâ€™ve also researched alternative ways (different MAC cloning) to get free Internet at hotels which I presented at a Defcon meeting in London. Perhaps I should upload the slides to GNUCITIZEN!”

Please… post your presentation.. as it possible! I live to far away from London, so itÂ´s hard watch this things. Thank god… Internet exists! :D

Continue ….

This week i had a conversation with some people that represent companies like “3com” and deploy corporative wireless. So… something like:

Wireless Switch + 802.1x + radius… and blah blah blah!

Someone there said about some changes on XP SP3 and Win Vista.

Where 802.1x will become first than layer 2…
but i donÂ´t knows if this is true.. i didnÂ´t research anything about it yet. But i will do soon. If this is right, “MAC cloning is out” i believe.

Do you know something about it “pagvac” not “pdp”? :D

By: pdp

pdp — Fri, 04 Jul 2008 20:26:30 +0000

I agree with Adrian. It becomes significantly harder to track the real location where an attack is launched from. If the attacker is not sloppy and has some basic knowledge regarding IT (some of them don’t) then s/he can hide her/his tracks to the extend that is no longer feasible to launch a pursuit. Think of FON.

By: Adrian 'pagvac' Pastor

Adrian 'pagvac' Pastor — Fri, 04 Jul 2008 19:47:23 +0000

@bluebirch: who needs a fake passport when you’re on a plane with more than 500 passengers. The question is: which passenger committed the crime? That’s the challenge. But then again, I’m not saying it’s impossible to catch the bad guy on the plane. Your point of more than valid.

@Marchiner: this is pagvac, notice the author at bottom :).

I’m aware of MAC cloning for using commercial APs for free. Once you login with a registered account that has Internet time, the system simply identifies you based on your MAC address which can be cloned both on Win and *nix. The only problem with MAC cloning for free Internet access is that you don’t want to clone the MAC address of a user that is currently online as it corrupts the network traffic. So Ideally you want to collect a list of MAC addresses of users who have online access, and only clone a given MAC address while its respective user is NOT online.

I’ve also researched alternative ways (different MAC cloning) to get free Internet at hotels which I presented at a Defcon meeting in London. Perhaps I should upload the slides to GNUCITIZEN!

By: Sandro Gauci

Sandro Gauci — Fri, 04 Jul 2008 19:32:57 +0000

I see it differently. The speed at which the attacker is traveling doesn’t really matter. I think that if the attacker is on a train or a plane, then the destination is a known and static one. Once he or she is off the plane or train, that’s where he/she can be caught by the local police / mafia / whatever.

Of course, unless the attacker hijacks the plane or train. But we’re not talking about terrorist plots here.. I hope :)

By: cedric

cedric — Fri, 04 Jul 2008 18:58:59 +0000

You left out, the trains login portal actually tells you to log in as “guest”.
It did the last time I was on the train from KingsCross to Peterborough.

Your right the implementation is from a Swedish firm, but your missing out talking about the routing in depth (network mapping skills) and their interesting proxy provider.

What about the GPS????

By: Radu

Radu — Fri, 04 Jul 2008 18:22:27 +0000

I don’t think this is that much of an issue. Most of these Open Hot-Spots only allow http/https/smtps/imap/im traffic. I know http/https are more than enough for a lot of attacks but even if you identify the source of an attack trough these protocols you might just end up seeing a TOR exit node, so i can’t imagine why this is such a serious issue. At least for OWI you might have some actual data to tie to the attacker: credit card purchase of train tickets or, even better, a flight passenger list. Frankly the only alternative to this issue, as far as i can see, is a total lack of anonymity and i don’t find that very comforting.

By: bluebirch

bluebirch — Fri, 04 Jul 2008 15:04:13 +0000

Security-threw-identity doesn’t work. Even if you could remove all anonymous access you would do more harm than good. Journalism needs anonymity for example. And anonymous access on planes? C’mon you need fake passports to get on anonymously and if it gets tracked to the plane there is no way to escape.

By: Felipe

Felipe — Fri, 04 Jul 2008 12:34:51 +0000

Indeed all these anonymous attack points will become an issue. Hotels that offer free WiFi to clients are also just as good. I am staying at a nice hotel in Brussels (there is a NATO conference btw right now) with a nice open and free WiFi that can even be accessed by the guests of the next door competition hotel.

It something ever happens the farthest it can be traced would be to say the hotel, train, plane, etc. The level of granularity that the free provider uses from then on (be able to distinguish that the specific connection belongs to the passenger in place X or Y or to hotel guest in room 333) will not help much either as we come to the same situation as a home open wireless network.

A paradise of anonimity for the new shool ever travelling hacker.

By: Marchiner

Marchiner — Fri, 04 Jul 2008 11:56:37 +0000

Pdp.

On –> “Onboard Wireless Internet”.

Where –>1. You have open access pointÂ´s.
–>2. You connect and your browser redirectÂ´s to a login page.

if –>1.Use something like airodump-ng, and search for MAC clientÂ´s associated to the access point.
–>2. Select of of the MACs and clone it to your interface.
–>3. Try one dhcp client.
–>4. If there is no dhcp, just try to snif something and setup right ip config.

them –> This may grant you access ??