Educause Security Discussion mailing list archives

Re: Firesheep/Cain& Able


From: "Foerst, Daniel P." <FOERST () CUA EDU>
Date: Tue, 2 Nov 2010 18:08:57 +0000

Hey all,

Has anyone run Firesheep to see that it does what it claims? I have run it both on a Windows XP box (with WinPCAP) and 
OS X and in each case I have not gathered any data outside of sites that I have visited myself. Perhaps I am 
misunderstanding what this application does. I am connected to an open network, heck both laptops are on the same 
network, same ssid, same AP even.

Thanks!

-dan

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Isac Balder
Sent: Monday, November 01, 2010 12:39 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Firesheep/Cain& Able


If you like to fight fire with fire there is fireshepherd.

http://notendur.hi.is/~gas15/FireShepherd/

What should be routing best practices: disable ARP poisoning (or at least detect and mitigate against it).

On Cisco 'ip arp inspection vlan 1'

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3462211/Configure-Your-Catalyst-for-a-More-Secure-Layer-2.htm

Inform and educate users of sites that allow CSRF, XSS, etc.

I.B.

"top posting cause yahoo makes me..."

--- On Mon, 11/1/10, Hudson, Edward <ewhudson () CSUCHICO EDU> wrote:

From: Hudson, Edward <ewhudson () CSUCHICO EDU>
Subject: [SECURITY] Firesheep/Cain& Able
To: SECURITY () LISTSERV EDUCAUSE EDU
Date: Monday, November 1, 2010, 10:40 AM
In light of the recent attention to “Firesheep” I am wondering if anyone is having issues and how they are addressing?
When used in conjunction with “Cain&Able” it appears able to sniff both wired and wireless traffic for login 
credentials and execute ARP Poisoning.
TIA
EH

Ed Hudson, CISM
Information Security Office
California State University, Chico
www.csuchico.edu/ires/security
Office: (530) 898-6307
Cell: 707-799-3250
ewhudson () csuchico edu
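
The "detect" half of the ARP poisoning advice in the thread above, as an added example that is not from any poster or from the tools they mention: it scans a sequence of observed ARP replies for an IP address that suddenly moves to a different MAC, and for one MAC answering for several IPs. The sample replies, addresses, function name and the 120-second window are all constructed for illustration.

```python
"""Flag ARP reply patterns that are consistent with ARP poisoning."""
from collections import defaultdict

# Constructed sample: (seconds, sender IP, sender MAC) from ARP replies seen
# on one VLAN. All addresses are invented for this example.
SAMPLE_REPLIES = [
    (0,  "10.0.0.1",  "00:11:22:33:44:01"),   # gateway
    (1,  "10.0.0.20", "00:11:22:33:44:20"),
    (2,  "10.0.0.30", "00:11:22:33:44:30"),
    (40, "10.0.0.1",  "00:11:22:33:44:30"),   # gateway IP claimed by .30's MAC
    (41, "10.0.0.20", "00:11:22:33:44:30"),   # .20 claimed by the same MAC
    (90, "10.0.0.1",  "00:11:22:33:44:01"),   # real gateway answers again
]


def find_arp_anomalies(replies, flap_window=120):
    """Return a sorted list of (kind, ip, mac) findings.

    'rebind'   : an IP was announced by a different MAC than the one last
                 seen for it, within flap_window seconds.
    'multi-ip' : one MAC announced more than one IP. Routers and proxy-ARP
                 hosts do this legitimately, so treat it as a lead to check.
    """
    last_seen = {}                  # ip -> (time, mac) of the latest reply
    ips_by_mac = defaultdict(set)   # mac -> every IP it has announced
    findings = set()
    for ts, ip, mac in sorted(replies):
        mac = mac.lower()           # MAC text case varies between tools
        if ip in last_seen:
            prev_ts, prev_mac = last_seen[ip]
            if prev_mac != mac and ts - prev_ts <= flap_window:
                findings.add(("rebind", ip, mac))
        last_seen[ip] = (ts, mac)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            for claimed in ips_by_mac[mac]:
                findings.add(("multi-ip", claimed, mac))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_arp_anomalies(SAMPLE_REPLIES):
        print(*finding)
```
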




