Wifi Security

Joel Jaeggli joelja at darkwing.uoregon.edu
Mon Nov 21 19:59:28 UTC 2005


On Mon, 21 Nov 2005, Jim Popovitch wrote:

>
> Randy Bush wrote:
>>> As others pointed out (to me as well), for a _man in the middle_ attack 
>>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or 
>>> otherwise insert yourself in the flow of traffic.
>> 
>> not really.  you just need to be there first with a bogus, redirecting,
>> dns response.
>
> I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in 
> hotels and airports that was set up for "co_presidents_club", "starbucks", 
> "t-mobile" AND "tmobile", "corporate", etc.  I've often wondered if those 
> users were really being malicious, plain stupid, or were carrying around a 
> laptop "owned" by someone else.

They were configured with a specific ssid at one point and are now 
beaconing in adhoc mode because they can't find that ssid. Crappy driver 
implementation is the root cause of that.

> Either way, there are PLENTY of systems out 
> there pretending to be something they aren't.  I often try to connect to them 
> and get some data, but most either won't give an IP, or if they do, they 
> don't forward packets or respond with anything worthwhile.

Dumb users in adhoc mode.

> I run a pretty 
> tight system, so perhaps those faux APs are trying to detect other configs 
> (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

No they're just poor clueless users with bad software.

> -Jim P.
>
>

-- 
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja at darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
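
An added example, not part of the original message: a monitoring-side check that separates laptops beaconing in ad hoc mode from real access points using the same SSID, by reading the ESS/IBSS bits of the 802.11 beacon Capability Information field. The SSID list reuses the names quoted in the thread; the sample frames, MAC addresses and function names are constructed for illustration, and frames are assumed to be raw 802.11 without a radiotap header.

```python
import struct

CAP_ESS, CAP_IBSS = 0x0001, 0x0002  # Capability Information bits 0 and 1
# Assumption: names this site expects only from real access points (from the thread).
INFRA_ONLY_SSIDS = {"co_presidents_club", "starbucks", "t-mobile", "tmobile", "corporate"}

def parse_beacon(frame):
    """Return (bssid, ssid, mode) for a raw 802.11 beacon without radiotap, else None."""
    if len(frame) < 36 or frame[0] != 0x80:  # version 0, type mgmt, subtype beacon
        return None
    bssid = frame[16:22].hex(":")  # address 3 of the 24-byte management header
    (cap,) = struct.unpack_from("<H", frame, 34)  # after timestamp(8) + interval(2)
    mode = "adhoc" if cap & CAP_IBSS else "infrastructure" if cap & CAP_ESS else "other"
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged elements: id, length, body
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element, stop parsing
        if eid == 0:  # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return bssid, ssid, mode

def flag_adhoc_lookalikes(frames):
    """Beacons in ad hoc mode whose SSID is on the infrastructure-only list."""
    hits = []
    for frame in frames:
        parsed = parse_beacon(frame)
        if parsed and parsed[2] == "adhoc" and (parsed[1] or "").lower() in INFRA_ONLY_SSIDS:
            hits.append(parsed)
    return hits

def build_beacon(bssid, ssid, cap):
    """Construct a sample beacon for the demo (constructed data, not a capture)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    return header + b"\x00" * 8 + struct.pack("<HH", 100, cap) + bytes([0, len(ssid)]) + ssid.encode()

SAMPLES = [
    build_beacon("00:11:22:33:44:55", "tmobile", 0x0401),  # access point
    build_beacon("02:aa:bb:cc:dd:ee", "tmobile", 0x0002),  # laptop in ad hoc mode
    build_beacon("02:12:34:56:78:9a", "homenet", 0x0002),  # ad hoc, SSID not on the list
]

if __name__ == "__main__":
    for hit in flag_adhoc_lookalikes(SAMPLES):
        print(hit)
```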



