At a hotel right now, they have multiple security holes, should I report them?

Discussion in 'Silicon (v)Alley' started by dawnofwar, Aug 4, 2012.

  1. OP;

    you scanned inside a hotel, the guest/customers side of the networks of these types of GUEST setups is very low key on security on purpose...but the hotel chain's private business network is rock solid...you never got into that, nor saw it in a scan...

    OP did everything right, scanned and hid like a good security guru should..but didn't think of the bigger picture..that the important side of the network would be safe, hidden.

    If you want to warn the hotel chain, maybe a suggestion of having them post internet security warnings to the guests, that the network is not protected, and they should turn on their 'software' based firewalls or use a VPN to work with their home offices.

    I'm a *retired CIO/IT-Manager/Sys-Admin that holds a Gold Partner membership with Microsoft, helped write the revised A+ test, and taught at a few universities (IT security courses of course)..so I have a clue...
    wish I could go back to teaching...was a nice bit of change they paid...





    *retired due to disabilities
     
  2. @Feanor: I highly doubt they use good passwords for their SSH access, and if I really wanted to I have an incredible custom coded SSH bruter that would wreck this.
     


  3. That is true, I didn't really think of their internal network, was just concerned with the public facing part. I walked around the hotel, and they have groups of computers that connect to the internet, and have no form of Anti-Virus on them. Very easy for one to USB infect XD

    Damn you are well talented 0_0
     
  4. Just one example. Plenty of layers of security other than firewalls blocking TCP and UDP ports can protect them. Another example as cwall pointed out is VLANs that segregate their corporate computers from public computers. Or, in some cases, antivirus may not be used because the PC is re-imaged on a regular basis. Anyway you probably know all this, just a reminder because nobody can think of everything at once :)
     
  5. I was joking with my last post but OP, they're not gonna have credit card info on the same network they have unprotected open for the whole world to see. They'll have the one for guests and a secure one for their real business.

    Edit: Should have read newer posts before posting again
     
  6. Yes packet sniffing is illegal, however fun.
    It's always funny to open people's Facebooks and talk to people.
    It would be stupid to do anything else with that information. Yes you should tell the desk to upgrade their security.
     


  7. it's hard to say; i had a credit card number of mine stolen after staying at a kalahari over easter last year. and i didn't even use it, except for paying a room charge.

    honestly, i would go to the regional manager and report it. you could probably get hired on to the IT dept if you go high enough. gray hat's where it's at lately
     
  8. ^^ was just gonna say grey hat them.

    leave a little note in the code lol
     
  9. Haha. They probably don't even know what that means.
     
  10. [quote name='"dawnofwar"']Alright guys, so I'm staying at a hotel right now, not gonna say which one.
    I've basically done some security testing, they have a couple of critical open ports, FTP, and SSH open, unfiltered, able to be fucked over.

    I've tried packet sniffing on their network, to see if they encrypt their traffic at all, and of course they don't... Which is incredibly stupid seeing as this is a huge hotel, and there is a potential treasure trove of information waiting for a person with malicious intent to come along.

    I feel like going down to the office, and asking to speak with the hotel manager, and give them some tips on how they can improve their security. As I'm sure their reception desk uses the same wifi, so if they scan credit cards or what not, and transmit them over the wifi.... Well I'm sure you will know what can happen.

    However I took a look at their TOS regarding internet usage, and it looks like what I'm doing is Illegal, even though I have non-malicious intent. I am not sniffing their network anymore, and not attempting to break into their open ports. However being in the US on vacation, and not being a US citizen, I don't really feel like putting myself in danger.

    So what do GC, this is a multi-billion dollar hotel chain, that has very critical security flaws just out in the open. I've done this sort of thing before and have been threatened to be arrested and tried in court. The main difference is that I wasn't at the actual location, and was hiding myself.

    Anyone telling me to go malicious: Suck a dick.[/quote]

    Man I would love for someone to explain what any of this means lol!
     
