[86896] in North American Network Operators' Group


Re: Wifi Security

daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Mon Nov 21 12:52:30 2005

Date: Mon, 21 Nov 2005 09:50:11 -0800 (PST)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: "Stephen J. Wilcox" <steve@telecomplete.co.uk>
Cc: "Patrick W. Gilmore" <patrick@ianai.net>, nanog@nanog.org
In-Reply-To: <Pine.LNX.4.44.0511211502550.25860-100000@server2.tcw.telecomplete.net>
Errors-To: owner-nanog@merit.edu


On Mon, 21 Nov 2005, Stephen J. Wilcox wrote:

>
> On Mon, 21 Nov 2005, Patrick W. Gilmore wrote:
>
>>
>> On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:
>>
>>> So my question is pretty simple. You have all these major companies such as
>>> google/earthlink/sprint/etc. building wifi networks. Let's say I want to
>>> collect people's information so I set up an AP with the same ssid as google's
>>> ap so people connect to it and I log all of their traffic.  Most people
>>> won't check beyond the ssid to look at the mac address but even that could
>>> be spoofed. Is there any way to verify a certain ap beyond mac/ssid, will
>>> there be in the future? How do these companies plan to mitigate this threat
>>> or are they just going to hope consumers are smart enough to figure it out?
>>
>> Why would you even need to set up an AP?  Why not just sit and sniff traffic?
>> Gets you the _exact_ same information.
>
> man in the middle is easier if you are the gateway, no need to steal arp

you don't have to steal arp on a wireless network, you just sniff the 
frames as they go by.

>> And why worry about Google, etc., when Starbucks and airports have been doing
>> this for _years_?
>
> yup
>
>> Lastly, most consumers are smart enough to know to use encryption (the little
>> pad-lock in their browser).  Some aren't.  Changing the WiFi architecture is
>> not going to save those who aren't.
>
> 'most consumers' .. c'mon, less than one percent.. seriously.. ymmv tho, eg at
> airports you stand a higher chance of sniffing a vpn connection but as has been
> demonstrated many times, even us techies haven't got our heads around encryption
> yet.
>
> here's some fun, next time you're at nanog or your favourite geek conference,
> just run 'tcpdump -w - -s1500 -nn|strings|grep -i password' and be prepared to
> hit scroll lock ;)
>
> Steve
>
>

-- 
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja@darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2

