Re: Wifi Security

[Jim Popovitch <jimpop () yahoo com>]

Randy Bush wrote:
> > As others pointed out (to me as well), for a _man in the middle_ attack 
> > (e.g. impersonating www.paypal.com) it is necessary to play ARP games or 
> > otherwise insert yourself in the flow of traffic.
>
> not really.  you just need to be there first with a bogus, redirecting,
> dns response.

I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in 
hotels and airports that was setup for "co_presidents_club", 
"starbucks", "t-mobile" AND "tmobile", "corporate", etc.  I've often 
wondered if those users were really being malicious, plain stupid, or 
were carrying around a laptop "owned" by someone else.  Either way, 
there are PLENTY of systems out there pretending to be something they 
aren't.  I often try to connect to them and get some data, but most 
either won't give an IP, or if they do, they don't forward packets or 
respond with anything worthwhile.  I run a pretty tight system, so 
perhaps those faux APs are trying to detect other configs (Client for 
MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

-Jim P.