[86899] in North American Network Operators' Group
Re: Wifi Security
daemon@ATHENA.MIT.EDU (Jim Popovitch)
Mon Nov 21 14:31:33 2005
Date: Mon, 21 Nov 2005 14:30:53 -0500
From: Jim Popovitch <jimpop@yahoo.com>
To: Randy Bush <randy@psg.com>
Cc: Niels Bakker <niels=nanog@bakker.net>, nanog@merit.edu
In-Reply-To: <17282.7121.23051.255792@roam.psg.com>
Errors-To: owner-nanog@merit.edu

Randy Bush wrote:
>> As others pointed out (to me as well), for a _man in the middle_ attack
>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or
>> otherwise insert yourself in the flow of traffic.
>
> not really. you just need to be there first with a bogus, redirecting,
> dns response.

I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in
hotels and airports that was set up for "co_presidents_club",
"starbucks", "t-mobile" AND "tmobile", "corporate", etc. I've often
wondered if those users were really being malicious, plain stupid, or
were carrying around a laptop "owned" by someone else. Either way,
there are PLENTY of systems out there pretending to be something they
aren't. I often try to connect to them and get some data, but most
either won't give an IP, or if they do, they don't forward packets or
respond with anything worthwhile. I run a pretty tight system, so
perhaps those faux APs are trying to detect other configs (Client for
MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

-Jim P.