Re: Wifi Security

[Joel Jaeggli <joelja () darkwing uoregon edu>]

On Mon, 21 Nov 2005, Jim Popovitch wrote:

> Randy Bush wrote:
> > > As others pointed out (to me as well), for a _man in the middle_ attack 
> > > (e.g. impersonating www.paypal.com) it is necessary to play ARP games or 
> > > otherwise insert yourself in the flow of traffic.
> >
> > not really.  you just need to be there first with a bogus, redirecting,
> > dns response.
>
> I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in 
> hotels and airports that was setup for "co_presidents_club", "starbucks", 
> "t-mobile" AND "tmobile", "corporate", etc.  I've often wondered if those 
> users were really being malicious, plain stupid, or were carrying around a 
> laptop "owned" by someone else.

They were configured with a specific ssid at one point and are now 
beaconing in adhoc mode becasue they can't find that ssid. Crappy driver 
implentation is that root cause of that.

> Either way, there are PLENTY of systems out 
> there pretending to be something they aren't.  I often try to connect to them 
> and get some data, but most either won't give an IP, or if they do, they 
> don't forward packets or respond with anything worthwhile.

Dumb users in adhoc mode.

> I run a pretty 
> tight system, so perhaps those faux APs are trying to detect other configs 
> (Client for MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).

No they're just poor clueless users with bad software.

> -Jim P.

--
--------------------------------------------------------------------------
Joel Jaeggli           Unix Consulting         joelja () darkwing uoregon edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2