Re: Wifi Security

["Stephen J. Wilcox" <steve () telecomplete co uk>]

On Mon, 21 Nov 2005, Patrick W. Gilmore wrote:

> On Nov 21, 2005, at 9:42 AM, Ross Hosman wrote:
>
> > So my question is pretty simple. You have all these major companies such as
> > google/earthlink/sprint/etc. building wifi networks. Lets say I want to
> > collect peoples information so I setup an AP with the same ssid as google's
> > ap so people connect to it and I log all of their traffic.  Most people
> > won't check beyond the ssid to look at the mac address but even that could
> > be spoofed. Is there anyway to verify a certain ap beyond mac/ssid, will
> > there be in the future? How do these companies plan to mitigate this threat
> > or are they just going to hope consumers are smart enough to figure it out?
>
> Why would you even need to set up an AP?  Why not just sit and sniff traffic?  
> Gets you the _exact_ same information.

man in the middle is easier if you are the gateway, no need to steal arp

> And why worry about Google, etc., when Starbucks and airports have been doing
> this for _years_?

yup

> Lastly, most consumers are smart enough to know to use encryption (the little
> pad-lock in their browser).  Some aren't.  Changing the WiFi architecture is
> not going to save those who aren't.

'most consumers' .. cmon, less than one percent.. seriously.. ymmv tho, eg at 
airports you stand a higher chance of sniffing a vpn connection but as has been 
demonstrated many times, even us techies havent got our heads around encryption 
yet.

heres some fun, next time you're at nanog or your favourite geek conference, 
just run 'tcpdump -w - -s1500 -nn|strings|grep -i password' and be prepared to 
hit scroll lock ;)

Steve