14-02-2013, 03:44 PM
HoneySpot: The Wireless Honeypot
1HoneySpot.pdf (Size: 1.05 MB / Downloads: 52)
INTRODUCTION
Wireless technologies drive our world, a world without cables where information is available from anywhere at
anytime. The huge expansion of wireless technologies, and specifically 802.11 wireless data networks, in the last
years have provided a new battle field for information access. It is hard to find a place today in the main cities and
surrounding areas of most first-world countries where there are no wireless data networks spreading around. End
users and corporations are heavily interested in taking advantage of the flexibility, mobility and freedom offered by
wireless technologies to access and share information. These allow connecting to data networks, like the Internet.
Along with this freedom, though, come security issues that must be thoroughly understood and addressed.
Since its origins in 1999, when the Honeynet Project (www.honeynet.org) was founded, honeypot and honeynet
solutions have been extensively used to monitor the attacker’s activities in different IT environments. These
solutions have evolved to offer support for multiple technologies, from pure TCP/IP network communications to
more advanced application-level or focused attacks, such as Google hacking attacks or attacks against SCADA
infrastructures. Surprisingly, honeypot solutions have not been widely applied to wireless technologies. This
implies that there is a significant lack of knowledge about the current state-of-the-art of wireless attacks effectively
used to break into wireless networks. Only after a wireless security breach, like in the famous TJX case [1] where
WEP vulnerabilities lead to the biggest public theft of credit card numbers in history, it is possible to get more
details about the real methods currently used by the attackers.
Due to the exponential usage of wireless equipment and technologies today, it is required to get an in-depth
knowledge about the real exploitation vectors currently used to compromise wireless networks. Trying to fill this
knowledge gap, the main goal of this research is to analyze the state of real life wireless hacking, and introduce and
promote the design and deployment of wireless honeypots.
WIRELESS HONEYPOTS HISTORY
Kevin Poulsen published in 2002 one of the first news about the existence of wireless honeypots [2], a new way of
trapping hackers, covering what was called the first organized wireless honeypot. The Wireless Information
Security Experiment, or WISE, was launched in June 15th, 2002, by Science Applications International Corporation
(SAIC) in Washington DC (US). The focus of this initial research was driven by the inherent insecurity of wireless
networks at that time, and the fact that most them were deliberately open. Unauthorized network access, use, and
eavesdropping, were and, are still today, the major threats against wireless networks.
WISE, leaded by Rob Lee 1, was “an 802.11b network based at a secret location in Washington D.C. and dedicated
to no other purpose than being hacked from nearby.”, and closely monitoring the attacker’s activities. At that time
the concept of client honeypots didn’t exist, so “like conventional honeypots, the WISE network has no legitimate
users, so anything that crosses it is closely scrutinized.”
At the end of 2002, other organizations like Tenebris published the results of collecting data from a wireless
honeypot [3] deployed in Ottawa (Canada), and confirmed the huge war driving activity taking place at that time,
and the existence of targeted intrusions. There are just a few references in 2003[4], 2004 [5] and 2005 [6],
covering the results of wireless honeypots deployments around the city of London, promoting the idea of using
wireless honeypots as a deception mechanism, and investigating the unauthorized use of wireless networks in
Adelaide (South Australia), respectively.
HONEYSPOT: DEFINITION AND TAXONOMY
The research presented in this paper is focused on introducing and analyzing the options available for the design
and implementation of a wireless honeypot. Specifically, the paper goes in depth into WiFi honeypots, that is,
honeypots for wireless data networks, or local area networks (LAN), based on the IEEE 802.11 standards. Similar
ideas as the ones presented can be applied to other wireless technologies, such as MAN/WAN wireless
communications based on WiMAX, or personal wireless communications (PAN) based on Bluetooth.
SUMMARY
Wireless technologies are the fastest growing segments of today’s telecommunications and computing industry.
The ubiquity of wireless networks, both in enterprises and at home, makes extremely important to evaluate and
accommodate the security mechanisms currently available to the real threats and attacks. This paper defines
HoneySpots, its objectives and taxonomy, and provides an overview of the main considerations and requirements
from a design and architectural perspective.
HoneySpots are targeted to research the real security threats associated with the continuous growth and
consolidation of wireless networks in the enterprise and home worlds. Few organizations deploy specific wireless
IDS systems, so most of the wireless attacks go unnoticed. One of the goals of this research is to create awareness
about the current wireless threats and promote the need to monitor the wireless networks and the RF spectrum.
The conclusions will help improve the defenses used to protect wireless networks.