Wifi Security
Joel Jaeggli
joelja at darkwing.uoregon.edu
Mon Nov 21 19:59:28 UTC 2005
On Mon, 21 Nov 2005, Jim Popovitch wrote:
>
> Randy Bush wrote:
>>> As others pointed out (to me as well), for a _man in the middle_ attack
>>> (e.g. impersonating www.paypal.com) it is necessary to play ARP games or
>>> otherwise insert yourself in the flow of traffic.
>>
>> not really. you just need to be there first with a bogus, redirecting,
>> dns response.
>
> I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in
> hotels and airports that was set up for "co_presidents_club", "starbucks",
> "t-mobile" AND "tmobile", "corporate", etc. I've often wondered if those
> users were really being malicious, plain stupid, or were carrying around a
> laptop "owned" by someone else.
They were configured with a specific ssid at one point and are now
beaconing in adhoc mode because they can't find that ssid. Crappy driver
implementation is the root cause of that.
> Either way, there are PLENTY of systems out
> there pretending to be something they aren't. I often try to connect to them
> and get some data, but most either won't give an IP, or if they do, they
> don't forward packets or respond with anything worthwhile.
Dumb users in adhoc mode.
> I run a pretty
> tight system, so perhaps those faux APs are trying to detect other configs
> (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).
No they're just poor clueless users with bad software.
> -Jim P.
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
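
The distinction drawn in the reply above (a laptop beaconing in ad hoc mode under a remembered SSID versus a real access point) is visible in the capability field of each 802.11 beacon. The following is an added example, not part of the original message: it assumes raw management frames with any radiotap header already stripped, the function names are hypothetical, and the sample frames are constructed.

```python
import struct

CAP_ESS, CAP_IBSS = 0x0001, 0x0002  # 802.11 capability bits: infrastructure AP / ad hoc

def build_beacon(ssid, bssid, capability):
    """Build a constructed beacon frame (no radiotap header) as sample input."""
    header = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, capability)  # timestamp, interval, capability
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name  # tag 0 = SSID

def parse_beacon(frame):
    """Return ssid, bssid and mode for a beacon frame, or None for anything else."""
    if len(frame) < 36:
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF != 8:  # management type, beacon subtype
        return None
    (cap,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged parameters
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:  # truncated element
            break
        if tag == 0:
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    mode = "ibss" if cap & CAP_IBSS else "ess" if cap & CAP_ESS else "unknown"
    return {"ssid": ssid, "bssid": frame[16:22].hex(":"), "mode": mode}

def adhoc_lookalikes(frames, infrastructure_ssids):
    """Beacons sent in ad hoc mode under a name that belongs to an infrastructure network."""
    hits = []
    for frame in frames:
        info = parse_beacon(frame)
        if info and info["mode"] == "ibss" and info["ssid"] in infrastructure_ssids:
            hits.append(info)
    return hits

# Constructed sample capture: one infrastructure AP and three laptops beaconing ad hoc.
SAMPLE = [
    build_beacon("tmobile", bytes.fromhex("001122334455"), CAP_ESS),
    build_beacon("tmobile", bytes.fromhex("02aabbccdd01"), CAP_IBSS),
    build_beacon("starbucks", bytes.fromhex("02aabbccdd02"), CAP_IBSS),
    build_beacon("homenet", bytes.fromhex("02aabbccdd03"), CAP_IBSS),
]
```

Calling `adhoc_lookalikes(SAMPLE, {"tmobile", "starbucks"})` returns the two ad hoc beacons that reuse a hotspot name and skips both the infrastructure AP and the unrelated ad hoc network.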