This was not a remote attack, at least not the initial attack <setting up the AP> That was a physical, access to the site directly walking in the door attack. Certainly not an issue with a publically open port that was being stepped upon, not until the AP was placed, and then seems to have been accessed by those that placed it. this is a physical security issue if I read the original report properly.
Than again, perhaps I misread... Thanks, Ron DuFresne On Tue, 13 Jan 2004 [EMAIL PROTECTED] wrote: > Without access to the entire article or knowing more than the media writes > it's really not possible to tell. But from what you've posted. That is > an interesting story. With some configuration networks can be somewhat > secure. But leaving a port wide open to the public is not the best > physical security. I have seen this in hospitals. The hospital remodels > a public area but somehow leaves ports accessible to the public. I've > often thought that it would probablly be pretty easy for someone to say > purchase a wireless AP (pretty inexpensive these days) sit in the public > area (i.e. waiting room) with a laptop or PDA, connect to the AP and start > surfing. > > This of course would require a bit of knowedge but not much. > > Frank Kenisky IV, CISSP, CISA > Information Technology Security Specialist > 210-301-6433 > > > > [EMAIL PROTECTED] > 01/13/2004 03:10 AM > > To > [EMAIL PROTECTED], [EMAIL PROTECTED] > cc > [EMAIL PROTECTED] > Subject > RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] > > > > > > > > -----Original Message----- > > From: Gadi Evron [mailto:[EMAIL PROTECTED] > > Sent: 11 January 2004 04:07 > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject: [Fwd: [TH-research] OT: Israeli Post Office break-in] > > > > > > I thought this story might interest some of you. See > > forwarded message > > below. > > > > Gadi Evron. > > > > > > Date: Sat, 10 Jan 2004 19:23:15 -0800 > > From: Gadi Evron <[EMAIL PROTECTED]> > > To: th-research > > Subject: [TH-research] OT: Israeli Post Office break-in > > > > > > Mail from Gadi Evron <[EMAIL PROTECTED]> > > > > This is completely off-topic, but very interesting. > > > > Apparently there was a break-in in a branch of the Israeli > > Post Office. > > > > The offenders placed a wire-less gateway connected to a switch inside, > > and through it stole a few tens of thousands of Shekels in > > the few days > > they were in operation (the Israeli Post Office is a sort of > > a small bank). > > > I can't resist any longer. I have to ask a few questions. > > 1. How did they know which switch to connect to? Wouldn't this require > some > knowledge of network topology. > 2. If it is indeed a switch and not a hub, how did they obtain access to > set > this port to monitor traffic? > 3. How did they get access to the switch. Shouldn't it have been locked > away. > 4. How did they convert electrons to money? Was this by raiding bank > accounts or collecting credit card numbers? > 5. How could they be unable to hide a WAP in a rack (assuming the switch > was > in a rack)? I can think of several ways to hide one without it being > visible. > > Seems like a bit of an inside job to me, but I'm no Dick Tracy... > > - > John Airey, BSc (Jt Hons), CNA, RHCE > Internet systems support officer, ITCSD, Royal National Institute of the > Blind, > Bakewell Road, Peterborough PE2 6XU, > Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] > > Even if you win the rat race, that will still only make you a rat. > > > > - > DISCLAIMER: > > NOTICE: The information contained in this email and any attachments is > confidential and may be privileged. If you are not the intended > recipient you should not use, disclose, distribute or copy any of the > content of it or of any attachment; you are requested to notify the > sender immediately of your receipt of the email and then to delete it > and any attachments from your system. > > RNIB endeavours to ensure that emails and any attachments generated by > its staff are free from viruses or other contaminants. However, it > cannot accept any responsibility for any such which are transmitted. > We therefore recommend you scan all attachments. > > Please note that the statements and views expressed in this email and > any attachments are those of the author and do not necessarily represent > those of RNIB. > > RNIB Registered Charity Number: 226227 > > Website: http://www.rnib.org.uk > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
