Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Joel Jaeggli
  • Date: Mon Nov 21 12:50:03 2005


On Mon, 21 Nov 2005, Ross Hosman wrote:

So my question is pretty simple. You have all these major companies such
as google/earthlink/sprint/etc. building wifi networks. Lets say I want
to collect peoples information so I setup an AP with the same ssid as
google's ap so people connect to it and I log all of their traffic. Most
people won't check beyond the ssid to look at the mac address but even
that could be spoofed. Is there anyway to verify a certain ap beyond
mac/ssid, will there be in the future? How do these companies plan to
mitigate this threat or are they just going to hope consumers are smart
enough to figure it out?
What do you learn by looking at someone's ipsec, ssl-wrappered, or ssh tunneled traffic?

Clear-text data-streams have the same liability almost everywhere (in the public sphere), so if you want to move data that has any importance at all you protect the data end-to-end.

Ross Hosman
Network/Systems Administrator
E: rhosman@corp.hometel.com
P: 618-644-2111 x 238
C: 314-898-3381
Y!: rosshosman


--
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja@darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.