Forgot your password?
typodupeerror
The Internet Security Wireless Networking Technology

Sniffing the Wireless Traffic of MIT Students 218

Posted by CmdrTaco
from the guess-who's-back dept.
An anonymous reader writes "Someone got permission to sniff the wireless traffic during an MIT class. The professor: none other than Robert Morris, creator of the first Internet worm! The lecture: computer security! I love it."
This discussion has been archived. No new comments can be posted.

Sniffing the Wireless Traffic of MIT Students

Comments Filter:
  • by Anonymous Coward on Thursday May 20, 2010 @12:02PM (#32281506)

    Highest number of packets: MDNS (Multicast-DNS, Zeroconf) with a whopping 30% of all packets. Because computer Barbie says: Configuration is hard.

    • by Itninja (937614)
      But the case is so pretty. I...can't...stop....must...resist....
    • by ThrowAwaySociety (1351793) on Thursday May 20, 2010 @12:29PM (#32281992)

      Highest number of packets: MDNS (Multicast-DNS, Zeroconf) with a whopping 30% of all packets. Because computer Barbie says: Configuration is hard.

      *rolls eyes* Yeah, what's with kids these days and their automagical service discovery.

      Back in my day, we manually entered protocol names and IP addresses. Forget zeroconf, we didn't have DNS. We kept a list of IP addresses in a text file on our systems. And if we didn't know the IP address, we went out and walked over to the datacenter, uphill, both ways, in the snow, and we wrote it down using our own blood for ink so we wouldn't forget it.

      And we liked it that way!

      • Mmmmmm... now that's good sarcasm!{/Jon Stewart}
      • by natehoy (1608657) on Thursday May 20, 2010 @01:24PM (#32282846) Journal

        Now get the hell off my LAN! :)

      • Excellent rant, but you forgot to tell us to get off your lawn.

  • by Anonymous Coward

    You state:
    "Robert Morris, creator of the first internet worm!"

    You are obviously unaware of The “worm” programs—early experience with a distributed computation [acm.org]

    I hope this helps your reference callouts.

    Yours In Akademgorodok,
    Kilgore Trout, C.I.O.

  • I haven't been to university for 9 years, but are students really using laptops during class???
    • by Ephemeriis (315124) on Thursday May 20, 2010 @12:08PM (#32281606)

      I haven't been to university for 9 years, but are students really using laptops during class???

      Laptops, netbooks, smart phones, tablets... Yup.

      In theory they're typing notes or recording the lecture or something.

      In practice, I suspect it is more of a distraction than anything else.

      • Re: (Score:3, Insightful)

        by yo_tuco (795102)

        "In theory they're typing notes or recording the lecture or something.

        In practice, I suspect it is more of a distraction than anything else."

        Not much different than when we were bored with a lecture and played hangman on our HP41C calculators back in the 80's.

      • Re: (Score:3, Interesting)

        by korean.ian (1264578)

        Only a distraction if you let it be. Returning to school this year, I use my notebook to take notes in all my classes except econ, because graphing is not much fun in TextEdit.The notebook is pretty valuable, although I suspect it would be of less use in a science/maths lecture. Easy text formatting for highlighting different pieces of information within the structure of the notes, useful for looking up relevant information, and of course I can type faster than I can write, so while putting down the import

      • by StikyPad (445176)

        Ah, so just like work then.

      • I suspect it is more of a distraction than anything else.
        And a way to stay awake.

      • by Timmmm (636430)

        Only in America. Nobody does in the UK. (Ok, there are always a few idiots...)

        Then again, we got fill-in-the-gaps style handouts in our (Cambridge Engineering) lectures. Sounds silly but it was actually really good, for the following reasons:

        1. Keeps you awake and concentrating - if you don't listen you don't get complete notes.
        2. There's no way you could reproduce the volume of material gone through in the lectures.
        3. You can draw diagrams - try doing that in real time on a laptop.

    • by Monkeedude1212 (1560403) on Thursday May 20, 2010 @12:09PM (#32281618) Journal

      In my class 2 years ago, it was pretty much mandatory. Prof would be walking you through a PHP script for logging onto the server. If you weren't following along, you were considered not learning the skill.

      In this way, the prof could look around at everyones laptop. He'd be able to see how people coded differently, and give suggestions on how to either improve their style, or what languages they'd be most comfortable in, what editor they might like, etc etc. It went beyond simple reading of the code, it was an inspection of how you wrote the code you did, and I found it very helpful.

      • by HeckRuler (1369601) on Thursday May 20, 2010 @12:50PM (#32282320)
        That sounds awesome. A hell of a lot better then my ComSci department that made us write out code on paper for the tests.
        • Oh I'm in comp sci now and we still have to do tests on paper.
          If anything we do use the computer labs for tests less than most of the rest of the science faculty.

          Though to be fair we're also far more likely to figure out how to bork the system to cheat which would only be fair in a security exam.

        • He was an amazing Prof, and a good deal of them were similar, it was a small classroom of about 40 folks, unlike the 100 person lecture halls at Universities. Thats why I prefer the Polytechnic. It might not be as impressive on the resume but its hands on training that companies can respect if their HR department is smart.

          Don't get me wrong, there is always that one prof no one likes. I remember learning how to use VB in Excel... As if that class wasn't bad enough, we had an old military commander who would

        • Re: (Score:3, Insightful)

          by ceoyoyo (59147)

          Coding on paper makes you a better coder. Be thankful you had a CS department that made you do that. Few do anymore.

      • what languages they'd be most comfortable in,

        And here I thought programmers were meant to be versatile, and chose the best language for the task at hand.
        At least, that's the utopia we should be teaching students when they're just starting out, surely ;)

    • Re: (Score:2, Interesting)

      by gront (594175)
      Yes. Absolutely.

      http://www.washingtonpost.com/wp-dyn/content/article/2010/03/08/AR2010030804915.html?hpid=topnews&sid=ST2010030805078

    • Re: (Score:2, Informative)

      son, I was in university 10 years ago using my laptop in class. it's great for taking notes, though i am more jealous of kids nowadays because they have tablets and ipads. how i would have killed for that instead of using a wacom tablet and a laptop....

      it was also to disguise the fact that i was writing video games in my intro to computer architecture classes
      • This is beside the point, but I found standalone Wacom tablets to be a lot more accurate (not to mention calibration-free) than Wacom Penabled tablet PCs as recently as 3-4 years ago. Has much changed since then? Touch screen navigation is one thing, but when I needed pixel-precise accuracy (for graphics and photo editing), I found that the tablet PC's screen simply could not do the job and I resorted to the drawing tablet.

        • by MoonBuggy (611105)

          I'd be very surprised if Wacom were willing to cannibalise sales of the Cintiq range by putting equivalent quality digitisers in tablet PCs.

          They don't even seem to make it particularly well publicised which laptops are using their brand of digitisers, which to me seems as though they want the money for the hardware without risking brand erosion from a lower quality product.

    • by rwa2 (4391) *

      Probably not anymore... now if you had a CDMA / GSM / EDGE 3G sniffer, that might be entertaining nowadays...

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Yes, and despite your skepticism, it's actually useful:
      -Take notes
      -look up a reference that the prof didn't bother to explain
      -If you're bored, you can pay half attention instead of just falling asleep.

      Mind you, like the rest of college, you get out of class what you put into it. There are certainly kids who go to class for attendance points and spend all period playing farmville.

      • Re: (Score:3, Insightful)

        by HeckRuler (1369601)
        Yeah, I can type a hell of a lot faster then I can write. And I can actually read it afterward!
    • Re: (Score:2, Informative)

      by Hunter0000 (1600071)

      Speaking for myself, I find them a good distraction during mandatory classes with professors I have already discovered can't teach whatsoever and I am better off reading the book (and sometimes I do that instead of use a laptop). For those who can though, I never do.

      At least at my uni you can usually tell how respected the professor is by how many laptops/iPhones/random gadgets are being used in-class.

      • by Bakkster (1529253)

        At least at my uni you can usually tell how respected the professor is by how many laptops/iPhones/random gadgets are being used in-class.

        Or, at least how easy the class is. I knew 90% of the subject matter in my physics and chemistry classes, yet was forced to attend physics by electronic attendance. I just distracted myself until there was an interesting demonstration or an interactive question for participation points.

    • Yeah, sure, why not? If you can't keep attention, that's your problem.
    • At my maths course in the UK there are two people who use laptops in lectures, one is a laptop which converts into a tablet so the guy takes note with a stylus. Then other guy types the notes up using Word 2007. Everybody else uses paper. The only exception is the computing course (introductory programming) where a lot of people had laptops and which were recommended.

    • by cgenman (325138)

      When you're not taking class in a room full of computers. All of my grad classes have involved desktops in front of us. Add to that students who have both laptops and iphones / androids out in front of them, and you have a pretty wired group. iPads are just starting to filter in, but look perfect for keeping up with information.

      They're great for taking notes on. You can take some detailed notes, then send them around to absent students after class, or search your notes for snippets. Eight months later

    • You should go take a class (any class), and sit in the back. I've seen people browsing ESPN for the whole lecture, playing Flash games, reading the news, voting on $HOT_OR_NOT_CLONE, looking at page after page on $PICTURE_CAPTIONING_SITE, you name it.

      For bonus entertainment, try to get in on study groups with these same people to hear them gripe about how hard it is to learn the course material.

    • It is far more common now...

      I Graduated from my Undergrad about 9 years ago too. The people who actually used their laptops during class were considered arrogant rich snobs. Who just wanted to show off their bling. Most students didn't have laptops, it was only reserved for either the Arrogant Rich Snobs or the people who live so far away from the college that they need to fly to school so they have a small computer to bring. The really techie people of the time had the huge desktop towers 2 feet tall

    • by pjt33 (739471)

      I graduated from university 8 years ago and already some people were using laptops during lectures. Not just CompScis either.

    • by pluther (647209)

      Hell, I was using a notebook (as we called 'em back in Ye Olden Days) computer in class back in 1990, and I wasn't the only one.

      No wireless, though, so I didn't surf the web with it.

      No web either, come to think of it...

  • by zero_out (1705074) on Thursday May 20, 2010 @12:13PM (#32281694)
    It's not uncommon. In fact, at my alma mater, the students do the same thing in their IT security class. It's an exercise to show how easy it is to sniff packets, and find passwords for things like email accounts. This is meant to encourage better security. If the students don't know why something is important, they won't care. When I was in grade school, many kids didn't see why algebra was important, so they didn't care, and didn't bother learning the material.
    • At my school, after sniffing one lecture, I went right on down to the IT department, and showed them my packet sniffings of a proffessors machine infecting 6 unpatched machines in the library. They thanked me for it.

      • Re: (Score:3, Funny)

        by rgviza (1303161)

        At my school (ASU), after sniffing one lecture, I threw up a little in my mouth. Damned sweaty bohemians that think a magic crystal works as deodorant. Not in Arizona heat...

  • Wikipedia will do this to you. I clicked the link for Robert Morris, followed links to read about his first startup, and found their original business plan, which contained this gem in their list of needs, dated 8/24/95:

    2. Secure server software ($5000). This does not seem to be an absolute necessity; there are a lot of sites on the web where you can send your credit card number unencrypted, and to date there have been no reports of the numbers being stolen. But catalog companies may *believe* that a secure link is necessary, and spending this $5000 would give Webgen a much more professional look.

  • Money well spent (Score:5, Interesting)

    by Reason58 (775044) on Thursday May 20, 2010 @12:13PM (#32281710)
    FTFA:

    I got permission from Robert Morris and Sam Madden to monitor the wireless traffic during their Computer Systems Engineering class and made an announcement at the beginning of a class period explaining what I’d be doing.

    He told everyone up front he was going to do this and people were still chatting, watching TV, reading about Warcraft, and updating their blogs. Just imagine how bad it would have been if he hadn't said anything. I bet some hard working people who were rejected by MIT are really happy to read this.

    • by Chapter80 (926879) on Thursday May 20, 2010 @12:20PM (#32281840)

      Awesomely, AIM, Jabber, MSN Messenger, and Yahoo! Messenger were all represented in the traffic...

      AIM is the clear favorite.

      I've lost respect for MIT's admissions process.

    • by cgenman (325138)

      I'm kind of surprised that they don't announce this at the beginning of every class, log all interactions, and present that data back to the student when deciding upon grades. When people know they're being watched, they tend to behave differently.

    • Re: (Score:3, Insightful)

      by HeckRuler (1369601)
      Well those hard working people apparently weren't smart enough to sail through highschool physics/calculus, since they apparently had to work at it.

      It's a real kick in the pants, but some people are quick, clever, and sharp enough to achieve in a few minutes what it takes you hours to do. Life isn't fair, deal with it.
  • you need permission to receive radio transmissions?

    What's next? permission to listen to people shouting at others across a room?

    • by arth1 (260657)

      Bad anology. It's about the expectation of privacy.

      If I sit stark naked in my recliner at home, nothing prevents a passing balloonist from filming me through the window, but if he did so, I would still call it invasion of privacy. Because my expectations are that no-one will see unless they actively take steps to do so.

      Similar for WiFi -- no-one will overhear the traffic unless they actively take steps to do so. When they do, it's an invasion of privacy.

      • Re:hmm (Score:4, Insightful)

        by Lumpy (12016) on Thursday May 20, 2010 @12:37PM (#32282134) Homepage

        you can call it all you want. The Law states that any photo taken from outside the property is not. That is what matters, not what you think.

        It's how I dealt with a Asshat neighbor. pointed a security cam at his house. Caught him throwing trash over the fence to the next door neighbors. I sent the footage to the cops and he got nailed. He threatened to sue me based on "invasion of privacy" and I dared him to do it, i even egged him on with" you ain't got the balls" and 'chicken" because I know the judge would eat him alive.

        It's also why you can be arrested for indecent exposure when you are naked in your home. If I can see your dirty naughty bits from outdoors.

        if you want privacy, keep the blinds closed.

        • Re:hmm (Score:4, Informative)

          by swb (14022) on Thursday May 20, 2010 @01:34PM (#32282974)

          Don't egg anyone on. It raises you to "willful participant" status.

          Had it escalated to a physical confrontation you may have had trouble claiming self defense.

          You always want to remain a "reluctant participant".

        • by rgviza (1303161)

          >It's also why you can be arrested for indecent exposure when you are naked in your home.
          yup. happened in my neighborhood.

      • If you are broadcasting radio waves that can be picked up by anyone within broadcast range, your expectation of privacy should be zero. It would be different with wired, becasue that would mean someone would need physical access, and would most likely be trespassing and possibly breaking and entering to obtain physical access. When I can sit out in front of your house on public property and receive radio waves you are sending out, no crimes are being committed. What I am doing is passive, not active - the o
      • by butlerm (3112)

        18 USC 2511 (g): It shall not be unlawful under this chapter or chapter 121 of this title for any person (i) to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

        Unless intercepting unencrypted wireless traffic on an open network is a violation of some other law, it appears the Electronic Communications Privacy Act doesn't restrict it at all. (I posted this on th

    • Re:hmm (Score:4, Insightful)

      by CraftyJack (1031736) on Thursday May 20, 2010 @12:54PM (#32282380)
      It's called "civility".

      You ask before doing things could piss other people off even when you are technically within your rights to do so, and other people are willing to cooperate with you to mutual benefit.

      You can choose to forgo "civility", but then other people will refer to you as an "asshole" and you will have fewer opportunities to benefit from non-zero-sum cooperation.
  • by Itninja (937614) on Thursday May 20, 2010 @12:16PM (#32281752) Homepage
    from TFA: "...monitor the wireless traffic during their Computer Systems Engineering class and made an announcement at the beginning of a class period explaining what I'd be doing."

    So does this represent what would really be so if he hadn't told them ahead of time?
  • by Skyshadow (508) *

    Shoulda saved the results of the sniffing to Richard Stallman's account for old times sake.

  • CRAWDAD [dartmouth.edu] is a community based effort of sharing data captured on a wireless network, only after anonymizing. This has proved to be very useful to the research community in general.

    Very real statistics about the protocols used and the kind of traffic patters observed over a period of time can be observed from the data sets. All of this with users not being very conscious of their activities. I say this because some of the data sets are for durations as long as 5 years. It is a lot easier to avoid surfing pron

  • by RandomUsername99 (574692) on Thursday May 20, 2010 @12:35PM (#32282074)

    It beats sniffing MIT students. Trust me.

  • by nimbius (983462) on Thursday May 20, 2010 @12:37PM (#32282114) Homepage
    out what this article is actually about, and why i should give a shit...famous professor at expensive college gets approval for lesson plan related to security?

    in college to demonstrate secure passwords, i had a professor run john the ripper on our auth hashes in shadow. live-fire security demonstrations are always a good tool in college because it provides a route for hands on learning and a finer appreciation of the subject matter, but its no different than an accounting or finance class being asked to bring their tax returns in.
  • WWW != Internet (Score:3, Interesting)

    by Mostly Harmless (48610) <mike_pete AT yahoo DOT com> on Thursday May 20, 2010 @12:51PM (#32282324) Homepage
    From TFA: "Using the Internet means a lot more than HTTP traffic!"

    Maybe that's because the Web != the Internet? I know that the Web represents most of the active time many people spend on the Internet, but really? When did the two become synonymous?
  • Nothing new here. The same thing was done in 2005 when I was in the class. It was done by the professor himself and the next day he was able to display the IM conversation two kids were having in the class. One end was encrypted so he didn't think he could be caught, but the other end was not, so the prof was able to display the chat. Basically the chat had something to do about how bored the student was. It was quite amusing.

Maybe Computer Science should be in the College of Theology. -- R. S. Barton

Working...