North American Network Operators Group


Re: Wifi Security

  • From: Jim Popovitch
  • Date: Mon Nov 21 14:34:02 2005

Randy Bush wrote:
>> As others pointed out (to me as well), for a _man in the middle_ attack (e.g. impersonating it is necessary to play ARP games or otherwise insert yourself in the flow of traffic.
>
> not really.  you just need to be there first with a bogus, redirecting,
> dns response.

I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in hotels and airports that was set up for "co_presidents_club", "starbucks", "t-mobile" AND "tmobile", "corporate", etc. I've often wondered if those users were really being malicious, plain stupid, or were carrying around a laptop "owned" by someone else. Either way, there are PLENTY of systems out there pretending to be something they aren't. I often try to connect to them and get some data, but most either won't give an IP, or if they do, they don't forward packets or respond with anything worthwhile. I run a pretty tight system, so perhaps those faux APs are trying to detect other configs (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

-Jim P.