Sounds interesting, well thought out. As for your redirects, a few IPTABLES commands would take care of that one, easy as pie... er well the crust is rather hard to make.. so I hesitate to use that expression ;P
Enabling logging on the port activity and would be wise/useful as well. BTW: Watch Wolverine Origin, it's freaking great! HAHAHA Just got a message: Back of the shirt: www.thepiratebay.org .... Front of the shirt: http://tracker.btarena.org/ Jay On Tue, Aug 25, 2009 at 10:45 AM, Chris Merkel <[email protected]> wrote: > The recent discussions on honeypots got me thinking - has anyone modified a > wireless AP in a way to make it look like another device? A multi-function > printer perhaps? (If the answer is "It's in Paul's book" - I will go out and > purchase it right away ;-) > > What if: > > You could leave telnet open to allow logons to actually manage the AP (you > would have to pick a print server that requires a logon, so it would look > legit), from there, you would need to modify OpenWRT to run: > FTP/21 - allow anonymous logons, set up the folder structure, change the > banner > HTTP/80 - Mirror the status pages from a typical print server > TCP/515 - lpd > TCP/631 - ipp > TCP/9100 - lpd / jetdirect > > You would also need to change the MAC address to the vendor ID of the > device you're emulating. > > If you wanted to get really crafty, you could figure out a way to forward > packets sent to 515,631 and 9100 to forward to an actual network printer on > the same subnet. > > Let's say you did all of those things - think you'd be able to fool nmap's > service fingerprinting? What if you found a match between a printer and AP, > so that they're running a similar embedded linux kernel - that would fool > nmap's TCP fingerprinting, right? > > I don't have a WAP readily available, nor the time in the next few months > to hack something together, but if anyone else is headed down this road, I'd > be interested to know. > > -- > - Chris Merkel > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
