Full Disclosure mailing list archives
Re: A WiFi security tool I would like to see developed
From: matt merhar <merharm () wra net>
Date: Wed, 18 Dec 2002 22:31:48 -0500
Hey RMS, Great idea, but I think it's already been in the works in the latest version of Dug Song's infamous dsniff. I really hope that he fixes the several remote exploits that exist in this acclaimed pen-testing tool, though. Here are some recent #monkey logs I've acquired that highlight the features that I'm discussing. *** #monkey Session Start (11/24/02) *** <dr``> Hey Doug. How's it going? I'm working on my HoneyNet project, and I'd like to implement a WiFi security tool. I think it'd be splendid if we could somehow alert these ScriptKiddie BlackHats as to how insecure it is for them to use our HoneyPots send Unsolicited Commercial E-Mail (Better known as spam). <dugsong> Excellent notion! In my homeland of Asia, it is considered good KARMA to help people in times of need. Peradventure I shall add such a feature in my next version of dsniff? <dr``> Superb. Maybe you can give me credit for the idea? I think it'd be delightful if we made it email everyone involved in this BlackHat SPAM attack, including the Sender, the Receiver, and even those to which a Carbon-Copy will be sent! <dugsong> What's this bullshit I hear about ScriptKiddies being able to gain root access to the VMWare Host Machines by exploiting flaws in the x86 architecture? <dr``> Rubbish! I've got Lance Spitzner on my side. I'm sure he's audited the source code very well. What's this I hear about dsniff being remotely exploitable in several places throughout the CodeBase? <dugsong> Hmmm. Alright. I'll keep quiet. *** #monkey Session End (11/24/02) *** On Wed, 18 Dec 2002 21:28:04 -0500 "Richard M. Smith" <rms () computerbytesman com> wrote:
Hi, Here is a WiFi security tool that I would like to see developed and made available free of charge on the Internet. The tool would be a packet sniffer that listens to unprotected email traffic on a WiFi network. When it sees an email message being sent in the clear, it sends out its own message to the "To", "From", and "CC" email addresses saying that the message could be easily read by the "bad guys". The message who link to a Web page that describes the security problems with unprotected WiFi networks and then offers some possible solutions to the problems. This tool would be a great way to educate the public on the dangers of insecure WiFi hotspots. It would make crystal clear to all participants of the email conversation how easy it is for eavesdroppers to listen in. From privacy reasons, the tool should not keep a record of any the TCP/IP traffic that it sniffs. I believe that the tool can be put together without too much trouble using existing public domain software libraries. Any takers? Thanks, Richard M. Smith http://www.ComputerBytesMan.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- A WiFi security tool I would like to see developed Richard M. Smith (Dec 18)
- Re: A WiFi security tool I would like to see developed matt merhar (Dec 18)
- Re: A WiFi security tool I would like to see developed xbud (Dec 19)
- Re: A WiFi security tool I would like to see developed matt merhar (Dec 19)
- Re: A WiFi security tool I would like to see developed Michael Scheidell (Dec 20)
- Re: A WiFi security tool I would like to see developed matt merhar (Dec 19)
- Re: A WiFi security tool I would like to see developed xbud (Dec 19)
- Re: A WiFi security tool I would like to see developed matt merhar (Dec 18)