cmu wifi map

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

cmu wifi map

Sven Gato Redsun
This map shows the location of all WiFi users on the CMU campus. (requires Flash)
   http://cmusky.org/map_usercentric.html

-Sven-

Reply | Threaded
Open this post in threaded view
|

cmu wifi map

Keith Hunter
Wow!  If you can now tell me which dot is me I am going to get very
afraid...

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On
Behalf Of Sven Gato Redsun
Sent: Thursday, November 13, 2003 6:12 PM
To: [hidden email]
Subject: [FRIAM] cmu wifi map


This map shows the location of all WiFi users on the CMU campus.
(requires Flash)
   http://cmusky.org/map_usercentric.html

-Sven-

============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9AM @ Jane's Cafe
Lecture schedule, archives, unsubscribe, etc.: http://www.friam.org



Reply | Threaded
Open this post in threaded view
|

cmu wifi map

Stephen Guerin
It doesn't appear to give identifying information, but I suspect you're the
dot that keeps getting escorted from the women's dorms to the security
station ;-)

____________________________________________________
http://www.redfish.com    [hidden email]
624 Agua Fria Street      office: (505)995-0206
Santa Fe, NM 87501        mobile: (505)577-5828

> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]]On
> Behalf Of Keith Hunter
> Sent: Thursday, November 13, 2003 4:23 PM
> To: 'The Friday Morning Complexity Coffee Group'
> Subject: RE: [FRIAM] cmu wifi map
>
>
> Wow!  If you can now tell me which dot is me I am going to get very
> afraid...
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On
> Behalf Of Sven Gato Redsun
> Sent: Thursday, November 13, 2003 6:12 PM
> To: [hidden email]
> Subject: [FRIAM] cmu wifi map
>
>
> This map shows the location of all WiFi users on the CMU campus.
> (requires Flash)
>    http://cmusky.org/map_usercentric.html
>
> -Sven-
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9AM @ Jane's Cafe
> Lecture schedule, archives, unsubscribe, etc.: http://www.friam.org
>
>
>
> ============================================================
> FRIAM Applied Complexity Group listserv
> Meets Fridays 9AM @ Jane's Cafe
> Lecture schedule, archives, unsubscribe, etc.:
> http://www.friam.org
>
>


Reply | Threaded
Open this post in threaded view
|

cmu wifi map

Parks, Raymond
In reply to this post by Keith Hunter
Keith Hunter wrote:
> Wow!  If you can now tell me which dot is me I am going to get very
> afraid...

   Well, now you've challenged me.

   First, I need access to the web-server (and backend database) so I
can find all the dots.  Since the web-page was created with Fireworks MX
and Dreamweaver MX it was probably created on a Windows box (there's
also a Mac version of this software).  I'm at work, so the proxies
prevent me from determining the type of web-server, but let's say for
argument that if the developer uses Windows, the web-server is also
Windows.  If the admin hasn't kept up their patches, they should still
be vulnerable to the Front-Pages Extensions exploit, which gives me
remote access as the web-server user.  I can probably obtain everything
I need to know as the web-server user, but I can always get system/root
access via a local privilege escalation.
   Next, I need access to the Wireless Andrew network so I can sniff
your traffic.  Since Wireless Andrew is open, I just need to war-drive
the campus to pick up traffic.  If I need to do this remotely, I could
place a few sniffers around the campus that report back to me via their
own wireless connection to a wired access point.  Since the Apple
AirPort Base Station is banned from campus, I suspect that I could use
one either to power my sniffer wireless network or even to divert
traffic and analyze it for user authentication information.  I think
that gaining direct access to Wireless Andrew should be doable [1].
   With knowledge of the user accesses and nodes of Wireless Andrew from
the web-server, I should be able to match traffic to dots.  Scanning the
traffic for simple identifiers such as your email address or name should
make it possible to find you.
   If I can divert your traffic through an Apple AirPort Base Station, I
should be able to not only track you but to become you, stealing your
virtual identity.
   To summarize - first get access to the dot database, next sniff
traffic for user identification, then associate the two.  There's a host
of alternative attacks as well as alternate attack steps.  For instance,
an alternate attack might involve gaining direct access to the NetMon
systems via MySQL, Apache, or mod_perl vulnerabilities and then monitor
you directly.  Since the network admins can monitor you, I just need to
become a network admin.

1. Wireless Andrew's security model requires that a user authenticate
via AuthBridge (which passes the authentication on to NetReg).  The
on-line documentation is not clear on what is required to register a
system, but there is no mention of security features such as one-time
password generators.  So, I think some social engineering to gain a
user's authentication information would allow registration of rogue
systems in that user's name.

   The on-line documentation of Wireless Andrew, AuthBridge, and NetReg
were very useful in understanding how to perform this attack.

--
Ray Parks                   [hidden email]
IDART Project Lead          Voice:505-844-4024
IORTA Department            Fax:505-844-9641
http://www.sandia.gov/idart Pager:800-690-5288



Reply | Threaded
Open this post in threaded view
|

cmu wifi map

Roger Frye
If you are using, an AmBit Wireless Access Card, then you are in the
Purnell Center for the Arts, but if you are using a Lucent or a Xircom
or an Intel, then there are too many others with the same card.  Click
on a building to see the breakdown by access cards.
-Roger