Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Every Ethernet device has a unique MAC address. If you document every MAC address of all your company's legitimate systems and devices, then any unknown MAC address will be a rogue device. Tracking them down should then be fairly straightforward. On Wed, Nov 2, 2011 at 2:19 PM, Matt Shields <matt at mattshields.org> wrote: > On Wed, Nov 2, 2011 at 2:05 PM, Gregory Boyce <gboyce at badbelly.com> wrote: > >> On Wed, Nov 2, 2011 at 1:10 PM, ?<markw at mohawksoft.com> wrote: >> > At my work, here are a few vending machines. One of these machines has a >> > nice little antenna on it. Presumably, it communicates via cellular >> > network to the vendor in order to report on usage and supplies. Yes, good >> > idea. Cool. >> > >> > It occurs to me that this machine, most likely, did not have to go >> through >> > any vetting. Not only that, I bet the grunts that stock these machines >> are >> > hired more for strong backs and no criminal record. >> > >> > So, here we have a powered machine with external wireless connectivity on >> > the premises with no actual over site. It is there 24x7, powered! >> > >> > Think of all the cool/evil things you could put in a vending machine with >> > a wireless link. Imagine having direct access to a Linux box in almost >> any >> > company you want. You could run any software you want. You could have >> > wi-fi too. Could you break the company's wireless security? Could you >> > monitor their wireless communications? Could you eaves drop on >> > conversations near by? >> > >> > Everyone suspects the cleaning crew, and if you are interested in >> > security, you do background checks. Almost no one cares about the vending >> > machines. >> >> There's nothing that device can do to your wilreless network that a >> person with a directional antennae can't already do. ?As long as you >> don't plug it into your internal network, you're not worse off. >> >> As for the eavesdropping, you wouldn't need an obvious antennae for >> that. ?There could be a camera or microphone in older vending >> machines, televisions, coffee machines, fridges, ceiling tiles or even >> a cabinet. ?These could have less obvious antennas or hey, just have >> the recordings picked up occasionally during maintenance. >> >> There's an infinite number of things that "could" happen. ?You need to >> consider the likelihood and impact of those sorts of attacks. ?In most >> cases the likelihood is minimal. ?Impact is probably minimal as well >> unless its in the board room. >> _______________________________________________ >> Discuss mailing list >> Discuss at blu.org >> http://lists.blu.org/mailman/listinfo/discuss >> > > I think his point was more that these "smart" vending machines are becoming > more commonplace. ?Even these days companies put ethernet jacks in the > kitchen, so what *if* someone who was malicious put something inside a > vending machine and plugged it into your network. ?Or what if it had > camera/microphone, most people talk shop even in the kitchen. > > Speaking of that, I remember a few years ago a company I was at talking > about checking ethernet jacks periodically to make sure no devices were > plugged in that shouldn't be. > > Matthew Shields > Owner > BeanTown Host - Web Hosting, Domain Names, Dedicated Servers, Colocation, > Managed Services > www.beantownhost.com > www.sysadminvalley.com > www.jeeprally.com > Like us on Facebook <http://www.facebook.com/beantownhost> > Follow us on Twitter <https://twitter.com/#!/beantownhost> > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss > -- John Abreau / Executive Director, Boston Linux & Unix Email jabr at blu.org / WWW http://www.abreau.net / PGP-Key-ID 0xD5C7B5D9 PGP-Key-Fingerprint 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |