nanog mailing list archives
Re: Wifi Security
From: "Patrick W. Gilmore" <patrick () ianai net>
Date: Mon, 21 Nov 2005 09:47:21 -0500
On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:
So my question is pretty simple. You have all these major companies such as google/earthlink/sprint/etc. building wifi networks. Lets say I wantto collect peoples information so I setup an AP with the same ssid asgoogle's ap so people connect to it and I log all of their traffic. Mostpeople won't check beyond the ssid to look at the mac address but even that could be spoofed. Is there anyway to verify a certain ap beyond mac/ssid, will there be in the future? How do these companies plan tomitigate this threat or are they just going to hope consumers are smartenough to figure it out?
Why would you even need to set up an AP? Why not just sit and sniff traffic? Gets you the _exact_ same information.
And why worry about Google, etc., when Starbucks and airports have been doing this for _years_?
Lastly, most consumers are smart enough to know to use encryption (the little pad-lock in their browser). Some aren't. Changing the WiFi architecture is not going to save those who aren't.
-- TTFN, patrick
Current thread:
- Wifi Security Ross Hosman (Nov 21)
- Re: Wifi Security Patrick W. Gilmore (Nov 21)
- Re: Wifi Security Ross Hosman (Nov 21)
- Re: Wifi Security Stephen J. Wilcox (Nov 21)
- Re: Wifi Security Niels Bakker (Nov 21)
- Re: Wifi Security Christian Kuhtz (Nov 21)
- Re: Wifi Security Christopher L. Morrow (Nov 21)
- Re: Wifi Security Ross Hosman (Nov 21)
- Re: Wifi Security Stephen J. Wilcox (Nov 21)
- Re: Wifi Security Joel Jaeggli (Nov 21)
- Re: Wifi Security Niels Bakker (Nov 21)
- Re: Wifi Security Randy Bush (Nov 21)
- Re: Wifi Security Patrick W. Gilmore (Nov 21)