• Home

  • Documents

  • Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff...
18
www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc.

Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

Embed Size (px)

Citation preview

Page 1: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to© Toronto Area Security Klatch 2007

Adventures in Wireless Honeypots

Eldon Sprickerhoff

eSentire, Inc.

Page 2: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

A honeypot is an information system resource whose value lies in unauthorized or illicit use of that resource.

A wireless resource made available and monitored, just to see who connects and what they do.

Not quite an IDS; you're actively “offering” up a sacrificial lamb to the slaughter.

You've got to make it convincing.

Page 3: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

DIY

Cheap!

OpenBSD 3.7 or higher

Pretty much any hardware will work (laptop, NIC)

Create an access point, choose a good SSID.

Add appropriate ARP entries and fake IP's.

Add some fake traffic to it (pings of different sizes).

WEP or no WEP?

Power?

Useful?

Page 4: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

DIY Part Two

What's the largest open “mesh” community wireless network in the world?

Page 5: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

linksys

channel 6

Page 6: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Follow all the original steps to build an access point.

DHCP Server

Null Configured DNS Server

POP3 Server

IMAP Server

FTP Server

Telnet Server

WWW Server (and set up some good pages)

tcpdump

snort

Page 7: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Who would be so stupid<del><del><del><del><del><del>unwise to connect to this lame honeypot?

Page 8: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Infosecurity Canada 2006

“Protect Your Business”

100+ Vendors

2000+ Attendees (supposedly)

Arguably, some of the “best minds” in the corporate security arena.

Page 9: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 10: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 11: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 12: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 13: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 14: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 15: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Page 16: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Of course, this is bad, but I could have done much worse.

Google was the homepage (boring and benign).

Purely passive (didn't upload, no attacks).

Page 17: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Encrypt everything!

Firewall!

Don't blindly think that “linksys” is some grandpa with an open access point.

Hey, did I fool anyone today?

Page 18: Www.TASK.to © Toronto Area Security Klatch 2007 Adventures in Wireless Honeypots Eldon Sprickerhoff eSentire, Inc

www.TASK.to

Wireless Honeypots

Questions?

I could clean and package it up, let me know if there's any interest among you lazy bastards.


Honeypots e honeynets

Honeypots e honeynets

Technology
eSentire Managed Detection and Response · • Log Management Collects, and aggregates raw logs from various heterogeneous cloud and on premise sources, allowing eSentire SOC analysts

eSentire Managed Detection and Response · • Log Management Collects, and aggregates raw logs from various heterogeneous cloud and on premise sources, allowing eSentire SOC analysts

Documents
Honeypots: Visão Geral

Honeypots: Visão Geral

Documents
Honeypots / honeynets · Honeypots Honeynets ... Source: Honeypots: Tracking Hackers", Lance Spitzner, 2002 (book) Apr-16-09 presentatie naam 7 History

Honeypots / honeynets · Honeypots Honeynets ... Source: Honeypots: Tracking Hackers", Lance Spitzner, 2002 (book) Apr-16-09 presentatie naam 7 History

Documents
Honeypots Monitoring Attackers

Honeypots Monitoring Attackers

Documents
Dr. Honeypots - archive.hack.luarchive.hack.lu/2017/Dr.Honeypots-Hack.lu-2017.pdf · - Gen1 : network of honeypots - Gen2 : honeypots in a production environment, for example deployed

Dr. Honeypots - archive.hack.luarchive.hack.lu/2017/Dr.Honeypots-Hack.lu-2017.pdf · - Gen1 : network of honeypots - Gen2 : honeypots in a production environment, for example deployed

Documents
CmpE-220 Honeypots Final

CmpE-220 Honeypots Final

Documents
Honeypots final

Honeypots final

Documents
Do an-Honeypots 001

Do an-Honeypots 001

Documents
Deliverable D3.3 EPES Honeypots

Deliverable D3.3 EPES Honeypots

Documents
Honeypots Virtuales Ssi

Honeypots Virtuales Ssi

Documents
Coffee Klatch SoLoMo Case Study · Coffee Klatch SoLoMo Case Study . Background • Coffee Klatch is a small local coffee shop in Southern California with four locations. • Coffee

Coffee Klatch SoLoMo Case Study · Coffee Klatch SoLoMo Case Study . Background • Coffee Klatch is a small local coffee shop in Southern California with four locations. • Coffee

Documents
[Name] Coffee Klatch, [Community]

[Name] Coffee Klatch, [Community]

Documents
Esentire 2015 IAIC

Esentire 2015 IAIC

Business
36924807 Honeypots Seminar Report

36924807 Honeypots Seminar Report

Documents
Clear as FUD CCC eSentire PPT

Clear as FUD CCC eSentire PPT

Documents
Honeypots Workshop - CERT.br · PDF fileQ-CERT Honeypots Workshop - Doha, Qatar - April 18-19, 2007 Agenda •Background about the presenters •Concepts –Honeypots, Honeynets, etc

Honeypots Workshop - CERT.br · PDF fileQ-CERT Honeypots Workshop - Doha, Qatar - April 18-19, 2007 Agenda •Background about the presenters •Concepts –Honeypots, Honeynets, etc

Documents
Honeypots Seminar Report

Honeypots Seminar Report

Documents
eSentire MDR for Endpoint - s3.ca-central-1.amazonaws.com

eSentire MDR for Endpoint - s3.ca-central-1.amazonaws.com

Documents
Deception Techniques Using Honeypots

Deception Techniques Using Honeypots

Documents
2020 eSentire Threat Intelligence Spotlight: United Kingdom · 2020 Sentire hreat ntelligence potlight: .K. June 2020) 3 Foreword In the eSentire 2019 Annual Global Threat Intelligence

2020 eSentire Threat Intelligence Spotlight: United Kingdom · 2020 Sentire hreat ntelligence potlight: .K. June 2020) 3 Foreword In the eSentire 2019 Annual Global Threat Intelligence

Documents
Modeling Malware-driven Honeypots · PDF fileTRUSTBUS 2017 Honeypots § Honeypots: what are they used for ? – All traffic received in them are considered suspicious. – Replicate

Modeling Malware-driven Honeypots · PDF fileTRUSTBUS 2017 Honeypots § Honeypots: what are they used for ? – All traffic received in them are considered suspicious. – Replicate

Documents
eSentire Annual Threat Intelligence Report...2019 eSENTIRE ANNUAL THREAT INTELLIGENCE REPORT: 2019 PERSPECTIVES AND 2020 PREDICTIONS eSentire Managed Detection and Response (MDR) is

eSentire Annual Threat Intelligence Report...2019 eSENTIRE ANNUAL THREAT INTELLIGENCE REPORT: 2019 PERSPECTIVES AND 2020 PREDICTIONS eSentire Managed Detection and Response (MDR) is

Documents
Honeypots and Honeynets

Honeypots and Honeynets

Documents
Use Honeypots to KYE

Use Honeypots to KYE

Documents
Honeypots and Honeynets

Honeypots and Honeynets

Documents
GRIS - Introdução a Honeypots

GRIS - Introdução a Honeypots

Documents
TESTING DECEPTIVE HONEYPOTS - CORE

TESTING DECEPTIVE HONEYPOTS - CORE

Documents
eSentire Managed Detection and Response...eSentire Managed Detection and Response Services Guide Get the whole MDR. Everyone else is just selling parts. Full threat visibility. Rapid

eSentire Managed Detection and Response...eSentire Managed Detection and Response Services Guide Get the whole MDR. Everyone else is just selling parts. Full threat visibility. Rapid

Documents
Honeypots & Honeynets - wiki.apnictraining.net

Honeypots & Honeynets - wiki.apnictraining.net

Documents