Defcon 2007: The Wi-Fi honeypot from hell
Las Vegas (NV) – Wireless security researchers are probably reaching for the digital Pepto-Bismol after they slurped down gigabytes of valuable traffic at the recently completed Defcon security convention in Las Vegas. A group of wireless hackers calling themselves the “Church of the WiFi” built a multi-router honeypot which captured gigabytes' worth of port scans, man-in-the-middle attacks and even some zero-day techniques.
The honeypot was made from eight Linksys wireless routers – the same kind you would find at the local retail store – along with Linksys switches. The routers were set to cover separate Wi-Fi channels and fed the data into the switches and out to a computer sniffer.
Security researcher Rick Mellendick built the honeypot as part of a wireless challenge that pitted participants against a heavily fortified web server. Mellendick hoped that by hacking through tiers of security like WEP and WPA, attendees could build up valuable hacking skills.
Mellendick told us that the attackers threw almost every attack in the book against his routers and servers. All the attacks were recorded and more than 60 GB of data was sniffed, according to Mellendick.
“It’s a lot of interesting data to go through. There were even attacks that I’ve never seen before,” he said, referring to so-called “zero-day” attacks that have no known defense.
Interestingly enough, even though the Linksys routers are designed to be stacked, Mellendick told us that he still had a lot of problems with heat. One of the routers even overheated into oblivion and had to be replaced.
“They’re getting real hot. Some of them reached 150 degrees,” he said. Thermo-regulated fans were placed on top of the routers to keep things cool.
Mellendick hopes to improve his honeypot by adding a one-kilowatt battery pack and shrinking the setup to fit inside portable cases. “These routers are great for penetration testing. I just need to get them into some Pelican cases,” he said.