Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Joel Jaeggli
  • Date: Mon Nov 21 12:53:44 2005

On Mon, 21 Nov 2005, Stephen J. Wilcox wrote:

On Mon, 21 Nov 2005, Patrick W. Gilmore wrote:

On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:

So my question is pretty simple. You have all these major companies such as
google/earthlink/sprint/etc. building wifi networks. Lets say I want to
collect peoples information so I setup an AP with the same ssid as google's
ap so people connect to it and I log all of their traffic.  Most people
won't check beyond the ssid to look at the mac address but even that could
be spoofed. Is there anyway to verify a certain ap beyond mac/ssid, will
there be in the future? How do these companies plan to mitigate this threat
or are they just going to hope consumers are smart enough to figure it out?
Why would you even need to set up an AP?  Why not just sit and sniff traffic?
Gets you the _exact_ same information.
man in the middle is easier if you are the gateway, no need to steal arp
you don't have to steal arp on a wireless network, you just sniff the frames as they go by.

And why worry about Google, etc., when Starbucks and airports have been doing
this for _years_?
yup

Lastly, most consumers are smart enough to know to use encryption (the little
pad-lock in their browser).  Some aren't.  Changing the WiFi architecture is
not going to save those who aren't.
'most consumers' .. cmon, less than one percent.. seriously.. ymmv tho, eg at
airports you stand a higher chance of sniffing a vpn connection but as has been
demonstrated many times, even us techies havent got our heads around encryption
yet.

heres some fun, next time you're at nanog or your favourite geek conference,
just run 'tcpdump -w - -s1500 -nn|strings|grep -i password' and be prepared to
hit scroll lock ;)

Steve


--
--------------------------------------------------------------------------
Joel Jaeggli  	       Unix Consulting 	       joelja@darkwing.uoregon.edu
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.