Wifi Security
Jim Popovitch
jimpop at yahoo.com
Mon Nov 21 19:30:53 UTC 2005
Randy Bush wrote:
>> As others pointed out (to me as well), for a _man in the middle_ attack
>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or
>> otherwise insert yourself in the flow of traffic.
>
> not really. you just need to be there first with a bogus, redirecting,
> dns response.
I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in
hotels and airports that was setup for "co_presidents_club",
"starbucks", "t-mobile" AND "tmobile", "corporate", etc. I've often
wondered if those users were really being malicious, plain stupid, or
were carrying around a laptop "owned" by someone else. Either way,
there are PLENTY of systems out there pretending to be something they
aren't. I often try to connect to them and get some data, but most
either won't give an IP, or if they do, they don't forward packets or
respond with anything worthwhile. I run a pretty tight system, so
perhaps those faux APs are trying to detect other configs (Client for
MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).
-Jim P.
More information about the NANOG
mailing list