[86900] in North American Network Operators' Group
Re: Wifi Security
daemon@ATHENA.MIT.EDU (Joel Jaeggli)
Mon Nov 21 14:59:58 2005
Date: Mon, 21 Nov 2005 11:59:28 -0800 (PST)
From: Joel Jaeggli <joelja@darkwing.uoregon.edu>
To: Jim Popovitch <jimpop@yahoo.com>
Cc: Randy Bush <randy@psg.com>,
Niels Bakker <niels=nanog@bakker.net>, nanog@merit.edu
In-Reply-To: <4382206D.9050902@yahoo.com>
Errors-To: owner-nanog@merit.edu
On Mon, 21 Nov 2005, Jim Popovitch wrote:
>
> Randy Bush wrote:
>>> As others pointed out (to me as well), for a _man in the middle_ attack
>>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or
>>> otherwise insert yourself in the flow of traffic.
>>
>> not really. you just need to be there first with a bogus, redirecting,
>> dns response.
>
> I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in
> hotels and airports that was set up for "co_presidents_club", "starbucks",
> "t-mobile" AND "tmobile", "corporate", etc. I've often wondered if those
> users were really being malicious, plain stupid, or were carrying around a
> laptop "owned" by someone else.

They were configured with a specific ssid at one point and are now
beaconing in adhoc mode because they can't find that ssid. Crappy driver
implementation is the root cause of that.

> Either way, there are PLENTY of systems out
> there pretending to be something they aren't. I often try to connect to them
> and get some data, but most either won't give an IP, or if they do, they
> don't forward packets or respond with anything worthwhile.

Dumb users in adhoc mode.

> I run a pretty
> tight system, so perhaps those faux APs are trying to detect other configs
> (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

No, they're just poor clueless users with bad software.

> -Jim P.
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja@darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
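
Added example, not part of the original message: the ad hoc beaconing described in the reply can be told apart from a real access point by the 802.11 capability field, where an AP sets the ESS bit and an ad hoc station sets the IBSS bit. The function names and the sample beacon bodies below are constructed for illustration, and the code assumes the MAC header has already been stripped so that each input is a beacon frame body.

```python
import struct

ESS, IBSS = 0x0001, 0x0002  # capability bits: infrastructure AP vs ad hoc station

def make_beacon_body(ssid, capability):
    """Build a constructed beacon frame body (sample data only)."""
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    raw = ssid.encode()
    return fixed + bytes([0, len(raw)]) + raw        # element ID 0 = SSID

def parse_beacon_body(body):
    """Return (ssid, mode) for a beacon frame body, or None if malformed."""
    if len(body) < 12:
        return None
    capability = struct.unpack_from("<H", body, 10)[0]
    ssid, pos = None, 12
    while pos + 2 <= len(body):                      # walk the tagged elements
        tag, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            return None                              # truncated element
        if tag == 0:
            ssid = value.decode("utf-8", "replace")
            break
        pos += 2 + length
    if ssid is None:
        return None
    ess, ibss = capability & ESS, capability & IBSS
    if ibss and not ess:
        mode = "adhoc"
    elif ess and not ibss:
        mode = "infrastructure"
    else:
        mode = "invalid"
    return ssid, mode

def adhoc_lookalikes(bodies, known_hotspot_ssids):
    """SSIDs of known hotspots that are being beaconed by ad hoc stations."""
    known = {s.lower() for s in known_hotspot_ssids}
    hits = set()
    for body in bodies:
        parsed = parse_beacon_body(body)
        if parsed and parsed[1] == "adhoc" and parsed[0].lower() in known:
            hits.add(parsed[0])
    return sorted(hits)

# Constructed sample: SSID names taken from the message, plus one unrelated network.
SAMPLE = [make_beacon_body("tmobile", IBSS), make_beacon_body("tmobile", ESS),
          make_beacon_body("starbucks", IBSS), make_beacon_body("homenet", IBSS)]
```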