The recent discussions on honeypots got me thinking - has anyone modified a
wireless AP in a way to make it look like another device? A multi-function
printer perhaps? (If the answer is "It's in Paul's book" - I will go out and
purchase it right away ;-)

What if:

You could leave telnet open to allow logons to actually manage the AP (you
would have to pick a print server that requires a logon, so it would look
legit), from there, you would need to modify OpenWRT to run:
FTP/21 - allow anonymous logons, set up the folder structure, change the
banner
HTTP/80 - Mirror the status pages from a typical print server
TCP/515 - lpd
TCP/631 - ipp
TCP/9100 - lpd / jetdirect

You would also need to change the MAC address to the vendor ID of the device
you're emulating.

If you wanted to get really crafty, you could figure out a way to forward
packets sent to 515,631 and 9100 to forward to an actual network printer on
the same subnet.

Let's say you did all of those things - think you'd be able to fool nmap's
service fingerprinting? What if you found a match between a printer and an AP,
so that they're running a similar embedded Linux kernel - that would fool
nmap's TCP fingerprinting, right?

I don't have a WAP readily available, nor the time in the next few months to
hack something together, but if anyone else is headed down this road, I'd be
interested to know.

-- 
- Chris Merkel
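Added example (my own code, not Chris's and not part of OpenWrt): a small Python decoy that listens on the ports listed in the post and logs every connection together with a guess at what the client was trying to do, which is the part of a honeypot a defender actually watches. The banner, the classification rules and the port-to-service table are constructed placeholders rather than anything copied from a real print server, and the script is meant for a Linux host, not for flashing onto an AP.

```python
import logging
import socketserver
import threading

log = logging.getLogger("printer-decoy")
# Port -> (service, greeting); empty greeting = client speaks first. Constructed banners.
DECOY_SERVICES = {
    21: ("ftp", b"220 Print Server FTP ready.\r\n"),
    80: ("http", b""),
    515: ("lpd", b""),
    631: ("ipp", b""),
    9100: ("jetdirect", b""),
}

def classify(port, first_bytes):
    """Describe what a client tried, from the first bytes it sent."""
    name = DECOY_SERVICES.get(port, ("unknown", b""))[0]
    if not first_bytes:
        return f"{name}: connect-and-close (typical of a port scan)"
    if port == 21 and first_bytes.upper().startswith(b"USER "):
        return f"{name}: login attempt {first_bytes.strip()!r}"
    if port == 515 and first_bytes[0] in range(1, 6):
        return f"{name}: RFC 1179 command 0x{first_bytes[0]:02x}"
    if port == 9100 and first_bytes.startswith(b"\x1b%-12345X"):
        return f"{name}: PJL job header"
    return f"{name}: {len(first_bytes)} bytes, starts {first_bytes[:16]!r}"

class DecoyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        port = self.server.server_address[1]
        greeting = DECOY_SERVICES.get(port, ("unknown", b""))[1]
        if greeting:
            self.request.sendall(greeting)
        self.request.settimeout(5)
        try:
            data = self.request.recv(1024)
        except OSError:  # timeout or reset: the hit is still worth logging
            data = b""
        log.warning("%s:%d -> tcp/%d %s", self.client_address[0],
                    self.client_address[1], port, classify(port, data))

def start_decoy(port, host="0.0.0.0"):
    server = socketserver.ThreadingTCPServer((host, port), DecoyHandler)
    server.daemon_threads = True
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":  # ports below 1024 need root
    servers = [start_decoy(p) for p in DECOY_SERVICES]
    threading.Event().wait()  # run until killed
```

Nothing legitimate should ever talk to a decoy, so each logged line is a lead worth chasing rather than noise to filter.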
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com