Hi and welcome to Backup Central's Restore It

All podcast, I'm your host, W.

Curtis Preston, AKA Mr.

Backup.

And with me, I have my AirPod loss consultant, Prasanna Malaiyandi.

How's it going, Prasanna?

I'm good, Curtis.

I'm good.

Isn't that?

The problem with such small devices?

It, it, it really is.

And I haven't even told you the, the end of the saga, right?

Because you, you remember, I had, I had a, I had a missing AirPod, right.

And, and just to make it worse, it was an AirPod pro, so it's like more expensive

and I didn't, and no, I didn't pay for the insurance, which, you know, given the

costs and everything I really should have

. So.

I, um, I couldn't find the one, the one AirPod and I, as you may know,

I recently have my office painted.

So, you know, viewers that are watching this, you can see this,

this is agreeable gray behind me is the official color of that.

Um, cuz it was like peach for the longest time, cuz this was originally a nursery.

And in the midst of cleaning my office, I found the missing AirPod.

Where was it?

It

It was just literally laying on the floor over on the corner.

So I went to my wife and I said, guess what?

I found the missing AirPod.

And she said, guess what?

I found your AirPod case and your other AirPod.

Where did you find it?

In the wash.

Did it actually run through the wash?

Oh yeah.

Yeah.

Is, is muerto, my friend.

So guess what I have now?

you just, well, I see that it looks like you're

wearing a new set of air pods.

But guess what?

This one has.

A tile on the back.

Wait, so are you gonna put one for of the air pods too?

No, the thing is the AirPods themselves

has if the AirPods themselves.

So first off, I'm gonna be much more like if I can't find my AirPods right

now, I'm gonna make it my top priority to find the missing AirPod at that moment.

Right.

I'm not gonna go, oh, I find it later.

Cuz you gotta find it while it has charge.

But I also would misplace it them in a case.

Right.

Because there's no, there's no feature to find the case.

And uh, so.

Yeah.

So I decided to put a tile and it looks doofy as hell, but

you know, it is what it is.

I, I, I'm such a big fan of the tile family, if you will.

Uh, I have a tile, I have a wall, the credit card tile in my wallet.

I have a tile on my, on my keys and, this is a very easy segue into what

I wanted to talk about this week.

Which is this concept of warshipping, which is a, not to be confused with

worshipping, which is very different.

Um,

I didn't,

they, they sound very similar to the non-native English

speaking ear, uh, war, as in battle and shipping, uh, what, what would you,

what would you define war shipping as.

it's almost like remote hacking, if you will.

Right.

Where except.

It's taking that plus you're adding in, like, I know we've talked about

sort of physical penetration testing before in the past where you're

trying to break into a building.

Warshipping is like doing that without having to take as much risk.

Right.

You're basically shipping a device to a company.

And letting it sit in the company and using it in remotely accessing and

try to gather all this information from their networks, etcetera,

all remotely, without ever having to be anywhere near the company.

And the fact that they don't even know that that device is there potentially.

That is.

Yeah.

And by the way, we, the first time I saw war shipping demonstrated

if you will, is in what TV show?

No.

That's

actually, Mr robot was the one I was thinking of.

It's quite possible.

I've see, you know, I watched a lot of alias.

I was a big fan of alias, but the thing was the tech in alias was

often so like out there, right.

Like I remember there was the one that I really think about was that

they wanted to suck a bunch of data out of a server and they couldn't

physically break into the server room, but they could physically break into.

They could hover over the server room, like, you know, like the scene in, um,

Mission impossible.

like that.

So like hover in that way.

And what they got was she had a hard drive with a built in wireless modem.

And all she had to do was like, like hang upside down within

like two feet of the server.

And all of the data would transfer wirelessly up to this

device via the wireless modem.

And it was like,

cone from 2000

Yeah.

I mean, it's totally possible.

Right.

And the thing was, I don't remember what the number was, but it was something

like 20 terabytes and it's like, you know, cuz they actually gave the size.

They're like, oh this is 20 terabytes of data.

And I'm like, so 20 terabytes of data.

Wirelessly, nevermind the fact that just, I don't understand how

it's supposed to connect to the server, but let's just let that go.

You're gonna transfer 20 terabytes of data wirelessly in 30 seconds.

I want that box.

That's what I remember thinking, but no, that's not what I was thinking about.

I was thinking about, uh, as I recall, didn't he want to hack didn't he want

to hack into what did they call it?

Steel mountain.

Yes, I think it was called steel mountain.

Yep.

Clearly an allusion to iron mountain.

Right.

They wanted to hack into the evil Corp and, and so they, they sent

a device and as I recall, didn't

it was like a cellular device.

Yeah.

It was a cellular device.

I believe that had like a wifi hotspot and would attack their network and

allow them to take over like the security controls and other things like

Right.

Right.

And because as you know, we often know that physical access is if you can

gain physical access, all bets are off.

Right.

I, I think warshipping.

I, I don't, I'm not sure if that would qualify as war shipping because this

is a specific, you know, and again, I'm not a cybersecurity expert, but

to me, I think the idea is you're not even gonna do the physical penetration.

You're gonna do it remotely via something.

I, but I think though the first part of what they did

in that episode, I know it's a fictional show that we're talking about Mr.

Robot, but I think at least the first part could be considered warshipping.

Right.

Because he is sending a device remotely letting it sit there.

I think it was sitting in the mail room if I recall.

Right.

And it got.

I, I, yeah, well, if that's the case and I

withdraw my objection, your honor.

But what I remember was that he like stuck it, that he actually went in

Oh, he went in

on a wall.

Yeah.

That's why I'm saying, but anyway, again, it doesn't matter, but

that's the thing that matters is that we're shipping a device.

Yep.

that is going to somehow remotely, uh, monitor.

And this article that we found, which, which I'll put it into the, um, into

the show notes in a, a site called darkreading.com, which is, it's not

a little light reading, it's dark reading Um, and the idea is that.

What, what he was saying or, uh, yeah.

Will plumber chief security officer at Ray secure the, is that there are

so many of these many computers and he specifically called out The raspberry pi.

pie.

Yep.

Um, and you know, that it comes, it

comes with everything you need.

then you just need to give it some storage and some power and, and, uh,

it says, um, so it's just interesting.

Yeah.

So the idea is that he described how you could easily build a warshipping

device that could fit in an envelope.

itself for quite a long time and then get shipped to a company

and then just sit there, sucking up all the data that it could.

So my question to you Prasanna is why wouldn't that device get noticed?

Well, it depends right now, if we're in

the middle of a pandemic where no one's going into an office, right.

That's a perfect opportunity.

You ship something.

No, one's gonna really be checking the mail that often people aren't going by

the mail room and pulling a package.

Right.

So it might go into the mail room.

Someone's like, oh yeah, it's Steve Smith's mail.

They leave it on Steve Smith's desk.

Steve Smith may not show up at the office for like two weeks, three

weeks, or he may never come in.

Right.

And that's a lot of time for a device to be sitting there listening to all the

network connections, not being discovered because who's gonna open your mail.

Right.

That's just kind creepy.

well it's and, you know, and it's a federal crime depending

on, to whom the mail is addressed.

Right.

So, yeah, so that it's . Yet another example.

And we've talked about this before on the podcast.

It's yet another example of how the pandemic has created

another opportunity for hackers.

So in this case, you know, we've talked about how that.

So many people have, have moved to work remotely and because they're working

remotely, they're no longer behind their company's firewall and they're working

in, you know, Starbucks or whatever.

And they, uh, they, you know, so they're, they're more open

perhaps to being attacked directly.

By ransomware or, or other malware.

And in this case, this is it's the, the data center it's sort of now the

data center or the, or the, or the office as it were, has been ignored.

And so all these people are receiving packages and.

Those packages could very easily contain one of these war shipping

devices, which could then sit on the network for a really long time.

So my question to you, and again, go ahead.

But I think there's a couple things I wanna bring up, right.

The first is that yes, it could sit there and it doesn't just

directly get onto your wifi.

Right.

There are packages, software packages out there that allow to either passively or

actively try to attack and break into the wireless network by listening to packets,

trying to break the, uh, encryption.

Right.

Figuring out what the key is to be able to access the network.

Right.

So assuming it's done that though.

I think actually the fact that there are less people in the office should

trigger alarms when a unknown device shows up on your network, right?

It's not like you're gonna have hundreds of people who are coming

into the office now logging in bringing their own device, etcetera.

Right?

If this is really a shut down office, right?

The fact that a new wifi device joined your network should hopefully

flag or trigger some alert.

It's funny.

This is gonna be, this is a total non sequitor, but it's not shut

down is another one of those words.

It's a compound word in English where as a, as a noun, it's one word as a verb.

It's two words, just like backup.

Backup is two words when it's a verb

And it's one

word when it's a noun.

Gotcha.

anyway, sorry, you know, for those, you know what, if you

learn nothing today, you learn that backup is two words when it's a verb

and it's one word when it's a noun.

I, if I back up, I create a backup.

If I back.

That's two words.

And why is it two words?

Because I, I, back up, he backs up, she backs up, he backed up, right?

So it allows for different tenses.

Anyway, sorry.

I digress.

And today's grammar lesson brought

to you by the letters a and E

it's one of my pet peeves, by the way, uh,

when people spell backup as the

with two.

With with, with, with no, as one as one word, uh, or

vice versa, either way, either way.

I I'm I'm easily peeved as you know, but, but yeah, so, so we'll talk about

some preventative stuff in a minute.

Uh, my question, you know, you said, cuz that was gonna be my question.

Well, I, when I go in, when I go into the Druva corporate network,

for example, by the way, Prasanna and I work for different companies.

He works for Zoom.

I work for Druva.

This is not a podcast of either company and the opinions that you hear are ours.

Also be sure to rate us at ratethispodcast.com/restore and, um,

or, uh, just click, you know, scroll that, especially if you're on apple

podcast, just scroll to the bottom, hit the stars, give us a comment.

We love it.

And, uh, we also love to hear from you if you know, more stuff, if you know more

about this warshipping stuff than we do, which by the way, that's pretty possible.

Uh, because we're, we're totally faking it at this point

Or if you have other movies that it happens

or yeah.

Yeah.

Actually, if you wanna discuss, if you wanna discuss why the technology

in alias was way better than I think it was, you know, whatever.

Um, anyway, I'm just saying I've met Jennifer Garner.

I'm just saying.

I met her and I'm pretty sure she, it was as memorable of an

experience for her as it was for me.

So

and.

So here's my question.

So you, so that was what I remember asking you.

Well, just because when I go into the Druva office and, and if I have

a new device getting onto the Druva corporate network is not easy peasy,

I've got to have the right S S I D I've gotta have the right, uh, password.

How, how does that happen if you've just got a random device that

doesn't have that information,

So

how does it get onto the

network?

sure it's not as secure as you think.

The fact that people go and say hide network from broadcasting SS, I D

doesn't actually prevent anything.

Right.

It's kind of, uh, it's hidden, but there are tons of tools that are still

able to figure out what the SS I D is based on what's being broadcast.

So that's not a good way to protect the network.

In fact, a lot of people.

Don't even bother hiding it because it just makes things more complicated

for guests and other people to find your network right now, once you

know what the SS I D is, right.

There are tools.

That'll sit there, suck up all the packets.

Right.

And then eventually things have gotten smarter that they're able to break the

encryption key and figure out what's the passcode to get into your network.

Right.

So it's not bulletproof.

that sounds bad.

And especially if you have a war shipping device

sitting there for a day a week, right.

Just sucking up all this information.

It can just sit there and passively listen.

Right?

Because airwaves are airwaves.

So anyone can listen in on those airwaves of the fact it's

going back and forth, right.

Especially in networks where maybe they're using WPA two or even

WPA, the older standards, right.

Not WPA three, which is the latest and greatest, or they, or they're using.

TKIP rather than AES for the encryption.

Right.

Don't ask me what it stands for.

I just know that T I P is less secure than AEs.

Right.

But there are all these things,

It's it's it stands for the keys.

I prefer.

Is it really?

I don't think

have no idea.

No, I don't think so.

I have no idea what T K I P stands for.

But there, there are all these issues.

Right.

And so.

there are ways to break into networks or say you have a vulnerability,

or you don't have the latest patches on your access points.

Right.

That could also be another way.

So it's not unknown.

Right.

right.

a matter of time.

And like you said, if you have a warshipping device that's sitting in

your, at your corporate office, right.

It can sit there for weeks without being recognized and just

keep sucking up all this data.

why wouldn't I, why would I go through that trouble?

Why wouldn't I just like drop one of these things, like right outside your building,

Someone might

and remotely access your yeah, no, that's a good

someone might see.

It depends also on how the wifi is configured.

Right?

Some people might not have full coverage really outside, or they might have

sort of different networks sitting on the outside versus the inside.

right.

Depending on

Uh, I mean, I mean, yeah, it might just be

a weak signal outside, but yeah, but this is a super easy way.

Send it to a person that's a remote employee and, you know,

or just send a bunch of them.

Right.

You only have to get right with one of them.

The, um, So, so you're saying that over time, given enough time, you could, you

know, theoretically, and again, this is one of those things where you don't

have to be successful with everybody.

You just have to be successful with one company.

Yeah.

And the

yet another method

the other thing also is computers have gotten blazingly

fast processing and computing.

That what used to take a while to try to break like an encryption

algorithm right now, it doesn't take as long as it used to.

And like you see right with the raspberry pi and other things like that.

Right.

It's conceivable that it won't take you that long to

actually break that encryption.

Yeah, he talked about, um, he said he

talked about a raspberry pi.

Um, and then he said, he'd use a wifi dongle.

Um, so he can connect to the internet.

Right.

Uh, and then

I think actually the wi the wifi dons, actually to connect

to the wifi network of the company.

And

Yeah, so basically he's talking about two different connections.

One to be able to, to do a, a, to get a SIM card and a sell, click

connection, an optional GPS device.

That's.

Right.

Um, but all these are little things that you can easily plug

to a raspberry pi without very much cost and, and send it in.

Right.

And again, I, I don't want the, I don't want this to be,

you know, blaming the tool.

Right.

Raspberry pi is a pretty cool device.

This isn't raspberry pi's fault.

It's just what, what, I think what the true culprit, if you will here

is that you have this ability.

Where you have all these offices that are, that are, you know,

relatively unnocupied, right.

And you, you just send a device and it can just sit there all this time.

So let's talk about, um, you know, you've talked about it already, but let's talk

about ways that you can prevent this.

So, um, the, the first, you know, you, you're saying that.

We're going back to sort of monitoring.

You should be monitoring your network traffic for all kinds of things.

And before we even talk about this one, let's talk about some of the things

that we've mentioned on other episodes, things that you should be looking

for first off, I, I agree a lot with.

You know, we've had snorkel 42 from Reddit on here, and he talks a lot

about preventing lateral movement.

And I think that that's a really important thing that you should

be, you should be blocking.

You should also, I think, be looking for things that are

trying to do lateral movement.

Right.

Um, and you should be.

Um, and I think, and again, I understand that this is harder and you know, which

therefore means it's gonna come with more cost, but the idea of using some

sort of machine learning to monitor what is normal network traffic for,

for every device on your network.

And then when you see a new device or you see a significant change in.

The the, the bandwidth utilization, especially upload, you know, cause

somebody's doing exfiltration.

Um, he, he, then, then, then you, you shut that down, right?

You shut that down, contact that person and go, Hey, what what's going on?

They're like, oh, you know, I suddenly, I started producing videos for the company.

Oh crap.

Sure.

You know, no problem.

Right.

No big deal.

Right.

Sorry, Alex.

Um, but so, but the, uh, but then you're like, oh, I, I wasn't doing anything.

And you find out while the guys got ransomware and it's

uploading all this data.

Right.

Um, and then the other thing that I remember, um, snorkel talking about

was the idea of blocking access to.

Um, new domains, right?

Newly registered domains or newly activated domains.

That's a that, I think that's an important one.

And we've had the, the DDI folks on here, the, the idea of blocking

access to weirdly named domains.

Right?

You remember that, that, that command and control servers have these really long

domains and that no one would ever type.

The only reason they're so long is because that each part of that domain.

Name is a, is an instruction, right.

Or a request.

And then it responds with the appropriate instruction.

And, um, there are a bunch of things that you can do like that to prevent

malware from executing once it gets in.

Right.

Um, and this would be an example of a way that malware would get in.

Just going back to sort of the monitoring

aspects and the flagging.

I like the anomaly detection that you talked about looking at basic patterns.

Um, I think what becomes challenging is as companies, and this was even pre pandemic.

Right where people would bring their own devices.

Right.

Because I everyone's like, Hey, I'm more efficient.

Right.

And so you now have a lot of random devices that aren't corporate

controlled showing up on your network.

Right.

I think that becomes a challenge.

It's in terms of how do you ensure employees are productive, right.

And have easy access to devices they want versus, um, locking

everything down and securing it.

Right.

This is kind of what snorkel also talked about.

Right.

It's kind of the trade off between.

Ease of use versus security.

Right.

And there's always gonna be that tension that

Well, he, he, he, he seemed to be okay with

what I was suggesting though, of the, sort of the stomp on

somebody's foot and say, oh, sorry.

I, you know, and then lift it up for that one person who has a legitimate reason.

And by the way, I think, and again, I'm not an expert in those

particular types of product, but I would think that that particular,

uh, challenge would be easy to.

Would be easily dealt with, by for example, we have a standard

profile for a new device.

That's on the network.

A new device does a lot of lookups does a lot of browsing.

Doesn't send a lot of data,

But I, I

And then when you know what I mean, I'm just saying on again,

you could have, you could have a, a usage of a machine learning pattern for,

this is what a new device looks like.

And then that device, that device that just came on, it's sending

a whole bunch of data up, shut it down and then go figure out why.

But I'm wondering.

it's impossible.

It's not impossible, but I'm just wondering,

given limited it budgets, given limited resources and skill sets, right.

Are most companies really going to be able to invest and manage a tool like this?

Or is it one of those things where people are like, yeah.

warshipping or these random devices coming on the network?

I know it's an issue, but it's not the.

Immediate thing.

And like you said, going back to what you were talking about, right?

How do you prevent lateral movement instead of trying to

prevent them from coming in?

How do you prevent the damage if they get it?

Yeah.

Um, I, I, I do think, and you, you may recall that that.

That his advice was he had a longer list before we, before you

got to what I'm talking about.

He didn't have any problem with what I was saying, but he, but he wanted to

like block access to, to weird domains.

He wanted to, uh, limit lateral movement.

Uh, he wanted to do MFA everywhere.

Uh, do least privilege everywhere.

These are all basic concepts of computing that everyone should

be doing everywhere they can.

And the, uh, and no one should be administering a server

via root anymore, right.

Or administrator, it should, that should just never be happening.

And, um, the.

Uh, and the only place you should be able to log in as root should be at the console

and you know, all these different things.

Right.

And, uh, and I think it should be a, like a breaking glass situation, right?

If someone needs the root password, the root password is somewhere available,

but you gotta go through all these different levels of change to get the

access, you know, all of those things.

I think those are all great.

I guess the reason why I focus so much on.

This concept of monitoring the network for even if again,

something is better than nothing.

That, that, that's another concept that he talked about a lot about

something is better than nothing.

If you could get, you know, a basic tool that just did you know that just

even if you, if, if you didn't do the automated shutdown, but you got

a basic tool that just monitored for the upload patterns of every device.

And then you, you found a device that suddenly was, you know, this

really high and you could, you know, find out who the device is, right.

Flag it.

Right.

Uh, again, with the, with the B Y O D situation.

I don't know how you figure out who that device is.

Other end to shut it off, honestly, other than to shut it off it's you probably

won't be able to do it automatically with a less expensive tool, but you shut it

off and then what's gonna happen is Fred's gonna come to the it department and go,

Hey man, I got good on the Yeah, well that's because you were uploading stuff.

Um, and, and then he's like, I know what you're talking about.

Well, you found, you found your culprit, right?

That, oh, by the way, I, I just want the reason why I'm so hot on.

And maybe even more so, and again, it's because of my backup background

and that is that a good air gap.

Backup is the best defense against traditional ransomware.

Mm-hmm

There is no defense against exfiltration once it has happened.

None.

And that's why I, I perhaps focus on that a little bit more.

I think all the other stuff is, is good.

Uh, I just like this idea of somehow using something, you know, um, and, and

another, I think maybe easier one on the built-in devices is, is whitelisting

right on the company.

Devices is whitelist, you know, application white listing.

Yep.

everything I.

right.

Yeah, applica, well, I think both right.

Um, you know, application and, um, the other thing it's like, you can,

you know, there's just ways, I think you could, you could somehow limit an

individual devices, ability to start downloading or uploading the entire

company's intellectual property.

Okay.

So enough about that, let's talk about , let's talk about

what this episode's actually

so, so going back to, this is an actual device.

I think we kind of went down the, okay.

How do you do it once it's in your network?

But I think there's a whole bunch of basics, even before we get to that.

Right.

Curtis,

Yeah.

Yeah.

this is a physical device, right?

It's landing on someone's desk.

What can you do before?

It just like sits there.

Well, I think one of the things, well, the question,

you know, in no particular order, this is just what's coming to my mind.

One is, you know, physical security.

Um, you, you know, this is, this is a physical security problem

before it's anything else?

They're talking about Physically processing packages.

And there also, there are mail scanning technologies.

There's a box.

You can run all the mail through and go, Hey, this thing is, this

thing is broadcasting a signal.

You know, this is a problem, right?

You can do that.

You can scan the thing before it comes in.

The other thing is what,

put it in a faraday day cage,

what

Prasanna Malaiyandi:

put it in a faraday cage

put all, can you buy a big faraday cage?

They did an enemy of the state.

I just mean a big enough one, you know, can you

make the mail room a faraday cage,

I bet you could.

Yeah.

So that, that, that could be another way to do it.

Right.

Uh, poor guys in the mail room, they don't get any wifi.

The, um, the, the other is the, the device white listing that you talked about.

Everybody needs to have a conversation with it before their

device is allowed on the network.

Is that.

So is that, is that unreasonable?

What do you think?

Prasanna Malaiyandi:

So it it's reasonable.

Prasanna Malaiyandi:

I think the challenge is, or that they get segmented off into a separate wifi

Prasanna Malaiyandi:

network where they get almost zero access.

Prasanna Malaiyandi:

Right?

they get, they basically, this is guest versus

yeah.

Yeah.

Now,

Doesn't see anything in the corporate network.

All it gets is ability to Google stuff.

yeah.

Now the only challenge is how you end up doing that white listing.

Um, there are issues, depending on what sort of method you use.

If for instance, you're just using Mac address, filtering Mac

addresses can be spoofed, right?

So it's not a great mechanism to

But you would,

device

I mean for this device, sorry to interrupt there, but

for this device, you know, you're, we're assuming that this device is

just a dumb device that wouldn't know what Mac address to spoof.

oh, it could.

You know?

It could, if it's sniffing all the wireless

packets, it would be able

Oh, you're saying, you're saying it's oh, geez, man.

Prasanna Malaiyandi:

And, and especially if

stuff, man.

and especially if it's a passive device, right.

It's just sitting there listening to everything coming across the airway.

So

so, alright, so you, you clearly know

more about wifi than I do.

Can we monitor for this device that is sniffing packets?

Can

if it's

passive, if it's passive, you can't tell at all, because it's just airwaves right.

Wifi is just a signal.

Right.

Right.

So what,

So the, which is why I said from a, the best thing

is, like you said, go back to the physical security aspects, right?

Try to prevent the wifi device from sitting or the warshipping device from

sitting in your corporate mail room or in your location for long periods of time.

Right.

Have a process to take the packages, scan it.

If you can, if you don't have a scanning ability.

Contact the recipient say you have this package, come pick it

up with a certain amount of time, forward it off to the person.

If you have to right.

Ask them if they're expecting a package or even if you can open the package.

Right.

If they're not expecting something, ask can I open it?

Right.

There are so many different options,

So number one, you've got to have someone actively

managing all of the mail from all of these people that are getting

mail during the pandemic, right?

Yep.

this is gonna be at, at a minimum.

This is gonna be a bulky envelope, right?

One of those puff.

Yeah.

Envelopes and possibly a box.

And you have rules specifically for those you contact, you need

to contact a person and ask what should be done with this thing.

Right.

Uh, and if they're not expecting a package, perhaps yeah.

You could create a policy.

Right.

Um, I don't think you should be randomly opening mail from people that

Prasanna Malaiyandi:

Without their permission

to do it.

Right.

Right.

you should yeah.

Or forward it off to them or whatever else is.

Yeah.

I, I think that basic based on what I'm hearing from

you, this is really the only choice,

I,

right.

Because the white listing, the, the device white listing wouldn't stop the

person, you know, the, the box that his SPO has, you know, sniffed packets

has spoofed the

well, And this is where I was saying that it depends on what

methodology you're using for whitelisting.

There's other things like radius authentication and other certificate

based authentication and other things, which you could also use for whitelist.

Right.

And so that's why I said, if you're just doing basic Mac address

filtering, it's not strong enough.

Okay.

So, so, so then we, we do have this additional, this is, this is all

in the line of like four more money

Yeah.

Yeah.

stop this completely by a more robust

whitelisting system than Mac addressed

Yeah,

Yeah.

Okay.

Yeah.

That makes sense.

Um, but I, I think it, I think like a lot of it, you don't, you don't

leave your data center open, wide open, and so you shouldn't do this.

This is essentially an intrusion into your data center, right.

Or into your corporate network.

And so you shouldn't leave that wide open.

I guess there are many people like me that just never thought of war shipping

as a way to get into a corporate network.

And so they're not thinking about these incoming packages as a potential.

Yep.

And so you need to think about those packages as an

internal, as a, as a potential risk.

And they need to be handled physically before they can do any damage.

The other thing to consider is I know we've

been talking a lot about corporate environments and warshipping, but

also if you get a random device in your mail, right from someone and it

looks like a camera or something else.

And you're like, oh, that's kind of cool.

Let me plug it in.

Don't plug it in.

Right.

Be very careful at home also of putting random things on

your network.

I read this article and I was like, dang, that is just something

I never thought about in my life.

so it's interesting because there was actually

an uptick in these articles about warshipping back in 2019 as well.

When I did some Googling.

Uh huh.

So this isn't the first time it's come out.

But I think specifically with the pandemic and everything else, it's

kind of coming back to the forefront.

In fact, warshipping here's something.

I was just looking it up.

I don't know how accurate this is.

Warshipping is a term coined by IBM in 2019.

All right.

That's kind of cool.

Good old, IBM still, still setting the bar, raising the

bar, whatever you wanna call it.

that's probably why all those articles started in 2019

You could put it in a place in your

building that doesn't have wifi.

Yeah.

There are places in your building that you know, where

they are because you tried to use the wifi there and it doesn't work.

Or you just have all packages delivered to an offsite facility.

Don't have it delivered to your

corporate network.

you know what you could have, you could have your, you

could have packages, like I'm sure that that could be managed for you.

Yeah.

That wouldn't be free, but it could be managed for you.

Yeah.

All right.

Well, once again, we have solved world peace.

Uh, so thanks for, thanks for helping me keep people safe.

Prasanna.

Anytime.

And thanks for sharing that article, Curtis.

Yeah.

It's now we'll have to go back and watch Mr.

Robot and figure out what exactly he did if it was warshipping or something else.

Yeah, I, yeah.

My memory is like he was a janitor.

Like he pretended to be a janitor and then stuck the thing.

Thanks to the listeners.

Uh, for those of you that stuck out this long and remember to subscribe