Educause Security Discussion mailing list archives
Re: Firesheep/Cain& Able
From: Alex Keller <alkeller () SFSU EDU>
Date: Tue, 2 Nov 2010 11:55:51 -0700
re: Has anyone run Firesheep to see that it does what it claims? for a switched wired network you will need to perform ARP poisoning otherwise your adapter will only see unicast (and broadcast) traffic intended for it. for wireless (unencrypted) on the Windows side it will require a wireless card (and driver) that supports promiscuous mode, unfortunately the majority of onboard wireless adapters on Windows laptops don't support this feature. my testing indicates Firesheep works out of the box for wireless hijacking on Intel based iMacs and MacBooks running 10.6.x. there are some troubleshooting tips here (a third the way down the page): http://codebutler.com/ best, alex On 11/2/2010 11:08 AM, Foerst, Daniel P. wrote:
Hey all, Has anyone run Firesheep to see that it does what it claims? I have run it both on a Windows XP box (with WinPCAP) and OS X and in each case I have not gathered any data outside of sites that I have visited myself. Perhaps I am misunderstanding what this application does. I am connected to an open network, heck both laptops are on the same network, same ssid, same AP even. Thanks! -dan *From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Isac Balder *Sent:* Monday, November 01, 2010 12:39 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Firesheep/Cain& Able If you like to fight fire with fire there is fireshepherd. http://notendur.hi.is/~gas15/FireShepherd/ <http://notendur.hi.is/%7Egas15/FireShepherd/> What should be routing best practices, disable arp poisoning. (or at least detect and mitigate against) On Cisco 'ip arp inspection vlan 1' http://www.enterprisenetworkingplanet.com/netsecur/article.php/3462211/Configure-Your-Catalyst-for-a-More-Secure-Layer-2.htm Inform and educate users of sites that allow CSRF, XSS, etc. I.B. "top posting cause yahoo makes me..." --- On *Mon, 11/1/10, Hudson, Edward /<ewhudson () CSUCHICO EDU <mailto:ewhudson () CSUCHICO EDU>>/* wrote: From: Hudson, Edward <ewhudson () CSUCHICO EDU <mailto:ewhudson () CSUCHICO EDU>> Subject: [SECURITY] Firesheep/Cain& Able To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> Date: Monday, November 1, 2010, 10:40 AM In light of the recent attention to “Firesheep” I am wondering if anyone is having issues and how they are addressing? When used in conjunction with “Cain&Able” it appears able to sniff both wired and wireless traffic for login credentials and execute ARP Poisoning. TIA EH Ed Hudson, CISM Information Security Office California State University, Chico www.csuchico.edu/ires/security <http://www.csuchico.edu/ires/security> Office: (530) 898-6307 Cell: 707-799-3250 ewhudson () csuchico edu <mailto:ewhudson () csuchico edu>
-- Alex Keller Systems Administrator Academic Technology, San Francisco State University Office: Burk Hall 153 Phone: (415)338-6117 Email: alkeller () sfsu edu
Current thread:
- Firesheep/Cain& Able Hudson, Edward (Nov 01)
- Re: Firesheep/Cain& Able SCHALIP, MICHAEL (Nov 01)
- Re: Firesheep/Cain& Able Michael Horne (Nov 01)
- Re: Firesheep/Cain& Able Isac Balder (Nov 01)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- Re: Firesheep/Cain& Able David Gillett (Nov 03)
- Re: Firesheep/Cain& Able Foerst, Daniel P. (Nov 02)
- Re: Firesheep/Cain& Able Webb, Justin (Nov 02)
- Re: Firesheep/Cain& Able Greg Williams (Nov 02)
- Re: Firesheep/Cain& Able Alex Keller (Nov 02)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- <Possible follow-ups>
- Re: Firesheep/Cain& Able John Ladwig (Nov 01)
- Re: Firesheep/Cain& Able John Ladwig (Nov 02)
- Re: Firesheep/Cain& Able Matt Giannetto (Nov 03)