[86894] in North American Network Operators' Group
Re: Wifi Security
daemon@ATHENA.MIT.EDU (Christian Kuhtz)
Mon Nov 21 11:19:49 2005
In-Reply-To: <39420CFB89A9E0449F4314DE8D1CFF4713035B@exchange.corp.hometel.com>
From: Christian Kuhtz <christian@kuhtz.com>
Date: Mon, 21 Nov 2005 11:19:16 -0500
To: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
--Apple-Mail-5--336066027
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=WINDOWS-1252;
delsp=yes;
format=flowed
On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:
> So my question is pretty simple. You have all these major companies =20=
> such as google/earthlink/sprint/etc. building wifi networks. Lets =20
> say I want to collect peoples information so I setup an AP with the =20=
> same ssid as google=92s ap so people connect to it and I log all of =20=
> their traffic. Most people won=92t check beyond the ssid to look at =20=
> the mac address but even that could be spoofed. Is there anyway to =20
> verify a certain ap beyond mac/ssid, will there be in the future? =20
> How do these companies plan to mitigate this threat or are they =20
> just going to hope consumers are smart enough to figure it out?
>
You're making an assumption that all these services will work like =20
any old AP or traditional WISP, perhaps one with open SSID, which may =20=
or may not be true.
As far as open SSID is concerned, as you probably already know, =20
there's nothing much other than VPN client from a machine you trust =20
to some place you trust that is going to help you. Such is the =20
nature of the beast.
As far as other abuse prevention voodoo and other operation and =20
implementation specifics, I somehow doubt anyone will spill their =20
guts here. One path to find a few of the answers is to discuss this =20
very subject with the equipment vendors in this space, which =20
shouldn't infringe on any proprietary information of the operators.
This is still a very much evolving technology as well, so, expect =20
fairly rapid developments to address needs as they emerge.
Best regards,
Christian
--Apple-Mail-5--336066027
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
charset=WINDOWS-1252
<HTML><BODY style=3D"word-wrap: break-word; -khtml-nbsp-mode: space; =
-khtml-line-break: after-white-space; "><BR><DIV><DIV>On Nov 21, 2005, =
at 9:42 AM, Ross Hosman wrote:</DIV><BR =
class=3D"Apple-interchange-newline"><BLOCKQUOTE type=3D"cite"> <P =
align=3D"LEFT"><SPAN lang=3D"en-us"><FONT size=3D"2" face=3D"Arial">So =
my question is pretty simple.</FONT></SPAN><SPAN =
lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"> <FONT size=3D"2" =
face=3D"Arial">You have</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN =
lang=3D"en-us"> <FONT size=3D"2" face=3D"Arial">all these major =
companies such as google/earthlink/sprint/etc.</FONT></SPAN><SPAN =
lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"> <FONT size=3D"2" =
face=3D"Arial">building wifi networks. Lets say I want to collect =
peoples information so I setup an</FONT></SPAN><SPAN =
lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"> <FONT size=3D"2" =
face=3D"Arial">AP</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN =
lang=3D"en-us"><FONT size=3D"2" face=3D"Arial"> with the same ssid as =
google</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"><FONT=
size=3D"2" face=3D"Arial">=92</FONT></SPAN><SPAN =
lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"><FONT size=3D"2" =
face=3D"Arial">s ap so people connect to it and I log all of their =
traffic. Most</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN =
lang=3D"en-us"> <FONT size=3D"2" face=3D"Arial">people =
won</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"><FONT =
size=3D"2" face=3D"Arial">=92</FONT></SPAN><SPAN =
lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"><FONT size=3D"2" =
face=3D"Arial">t check beyond the ssid to look at the mac address but =
even that could be spoofed. Is there anyway to verify =
a</FONT></SPAN><SPAN lang=3D"en-us"></SPAN><SPAN lang=3D"en-us"> <FONT =
size=3D"2" face=3D"Arial">certain ap beyond mac/ssid, will there be in =
the future? How do these companies plan to mitigate this threat or are =
they just going to hope consumers are smart enough to figure it =
out?</FONT></SPAN></P><P align=3D"LEFT"><FONT class=3D"Apple-style-span" =
face=3D"Arial" size=3D"2"><SPAN class=3D"Apple-style-span" =
style=3D"font-size: =
10px;"></SPAN></FONT></P></BLOCKQUOTE></DIV><DIV>You're making an =
assumption that all these services will work like any old AP or =
traditional WISP, perhaps one with open SSID, which may or may not be =
true.=A0</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>As =
far as open SSID is concerned, as you probably already know, there's =
nothing much other than VPN client from a machine you trust to some =
place you trust that is going to help you.=A0 Such is the nature of the =
beast.</DIV><DIV><BR class=3D"khtml-block-placeholder"></DIV><DIV>As far =
as other abuse prevention voodoo and other operation and implementation =
specifics, I somehow doubt anyone will spill their=A0guts here.=A0 One =
path to find a few of the answers is to discuss this very subject with =
the equipment vendors in this space, which shouldn't infringe on any =
proprietary information of the operators.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>This is still a very much =
evolving technology as well, so, expect fairly rapid developments to =
address needs as they emerge.</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV><DIV>Best =
regards,</DIV><DIV>Christian</DIV><DIV><BR =
class=3D"khtml-block-placeholder"></DIV></BODY></HTML>=
--Apple-Mail-5--336066027--
