North American Network Operators Group


Re: Wifi Security

  • From: Jim Popovitch
  • Date: Mon Nov 21 14:34:02 2005

Randy Bush wrote:
> > As others pointed out (to me as well), for a _man in the middle_ attack (e.g. impersonating www.paypal.com) it is necessary to play ARP games or otherwise insert yourself in the flow of traffic.
>
> not really.  you just need to be there first with a bogus, redirecting,
> dns response.

I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in hotels and airports that was set up for "co_presidents_club", "starbucks", "t-mobile" AND "tmobile", "corporate", etc. I've often wondered if those users were really being malicious, plain stupid, or were carrying around a laptop "owned" by someone else. Either way, there are PLENTY of systems out there pretending to be something they aren't. I often try to connect to them and get some data, but most either won't give an IP, or if they do, they don't forward packets or respond with anything worthwhile. I run a pretty tight system, so perhaps those faux APs are trying to detect other configs (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

-Jim P.