WiFi-Honeypot. #KeepCalmAndAnalyze

Step 0 – Create a new and updated infrastructure – migrate your connected devices.
Step 1 – Do not update the infrastructure (the ‘broken’ one).
Step 2 – Isolate the infrastructure (meaning – place it into a ‘pot’ mode with fake targets all over).
Step 3 – Set up recording / detection of all things related to that part of the infrastructure.
Step 4 – Monitor actions; with steps 1–3 done, the possibly broken part of WPA2 is simply the entry point.

Perhaps making an exception for providing wireless access to resources would be a possible step 0 – but don’t just turn it off; make sure that the new way of connecting is communicated and understood.

In essence, the WPA2 breakdown is as if the locked cabinet that serves as the entry point for the network just gave away a way in to that specific portion.
It does not have to mean that all things are exposed. It has not broken the protocols that are in use (but they may already have their specific portion broken). You are not completely naked here.

What would be the general idea here? To always keep all things ‘up-to-date’ and isolated, in the sense of knowing how and where things communicate; separation of duties and communication still holds. Isolation in the world of connections means that you do not allow all things to know or reach everything else in your infrastructure, ever.

The best part of this is that sites/companies/entities can now (possibly) detect what kind of targets they are.
Is the attack general?
Just recon?
Already targeting specific (previously reachable) resources?
Someone trying to use you as a base of attack for another target?
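
An added example, not from the original post: one way the recordings from steps 3 and 4 could be sorted into the four questions above. The pot subnet, the list of previously reachable resources, the sweep threshold and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the original post): the isolated legacy WLAN and its
# decoys live in POT_NET; LEGACY_ASSETS are decoys that kept the address and
# port of resources that were really reachable before the migration.
POT_NET = ipaddress.ip_network("10.66.0.0/24")
LEGACY_ASSETS = {("10.66.0.10", 445), ("10.66.0.20", 5432)}
SWEEP_THRESHOLD = 8  # distinct (host, port) pairs before we call it a sweep

# Constructed flow records from the pot's sensor: (client, dst_ip, dst_port)
SAMPLE_FLOWS = (
    [("10.66.0.101", f"10.66.0.{h}", 22) for h in range(1, 13)]  # host sweep
    + [("10.66.0.102", "10.66.0.10", 445)] * 3                   # old file share only
    + [("10.66.0.103", "10.66.0.10", 445),
       ("10.66.0.103", "198.51.100.7", 25)]                      # tries to leave the pot
    + [("10.66.0.104", "10.66.0.1", 80)]                         # single generic probe
)

def classify(flows):
    """Map each client seen in the pot to one of the four questions."""
    targets = defaultdict(set)
    for src, dst, port in flows:
        targets[src].add((dst, port))
    verdicts = {}
    for src, seen in targets.items():
        outside = any(ipaddress.ip_address(d) not in POT_NET for d, _ in seen)
        if outside:
            verdicts[src] = "base-of-attack"  # traffic aimed beyond the pot
        elif len(seen) >= SWEEP_THRESHOLD:
            verdicts[src] = "recon"           # broad sweep of hosts/ports
        elif seen & LEGACY_ASSETS:
            verdicts[src] = "targeted"        # went for a previously real resource
        else:
            verdicts[src] = "general"         # nothing specific to this site
    return verdicts

if __name__ == "__main__":
    for client, verdict in sorted(classify(SAMPLE_FLOWS).items()):
        print(client, verdict)
```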

Use this as an opportunity, instead of doom.

My viewpoint here is – if you already have a wireless network attached to your infrastructure, you should already have isolated and made infrastructural decisions on access. There is no reason to go all in bananas because one of your entry points that already is a physical weak point might now be an even more broken entry point.