[geeks] Now GEEKS [rescue] Replacing ... laptop firewalls

[Sheldon T. Hall]

Quoth Jonathan J. M. Katz ...

> I was bored one night in my hotel and broke out Nessus. Just a simple
> scan of the hotel class C (192.168.x.0/24.) I've been staying in this
> hotel since January.
> 
> I was floored. Things I found included...
> ... laptops that were wide open (Macs and PCs both.) Not just
> unpatched XP, but wide-open anonymous shares and client software with
> default login privs posted: http://vote4katz.com/?p=70
> ... hotel workstations that were connected to corporate hotel networks
> on the same "open" LAN that guests are on (no segmenting.)
> 
> I'm debating the ethics of breaking out snort on my laptop (on the
> wired guest network) not to be evil, just to see what worm activity
> exists.

I expect you'll find lots.

I've done the same thing, i.e. scanned the local network in a hotel, and
found an amazing variety of open stuff.  I would expect that any machine
with an open share or other vulnerability is infected, if only because its
owner runs around plugging it into networks rife with other vulnerable
machines.  Much like catching the clap in the average hippie commune of the
'sixties, only quicker, and not as much fun.

Sorta reminds me of the Windows Messenger Spam days ... a friend used to go
to local coffee places frequented by the young and lovely, and scan-spam the
local network with messages that said "Tired of getting messages like this?
Raise your hand; I'll come over and fix your computer."

He said it was even better than his previous ploy, Tyvek business cards that
said "If you don't want to sleep with me, just tear up this card."

-Shel