[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Wireless ISPs

To: Frank Knobbe <frank@xxxxxxxxx>
Subject: Re: [Full-Disclosure] Wireless ISPs
From: D B <geggam692000@xxxxxxxxx>
Date: Tue, 11 May 2004 14:15:54 -0700 (PDT)

--- Frank Knobbe <frank@xxxxxxxxx> wrote:
> On Tue, 2004-05-11 at 13:33, D B wrote:
> > All transactions done via secure websites are
> secure,
> 
> No, they are not. It's just harder to intercept the
> data.

The level of knowledge it takes to penetrate a SSL
style transaction puts it beyond most peoples scope of
abilities
> 
> > A wired internet connection
> > limits the number of people who have access to
> this
> > data simply by the nature of the internet putting
> it
> > within acceptable risk.
> 
> Same can be said for wireless. (Except that the
> perimeter of the attack
> arena is defined by the wireless emissions instead
> of cable runs.)

... look at the aspect of what points does one have to
have access to gain the amount of data on a wired
network in comparison to the same level on a wireless
AP... unless you can spoof to the gateways IP  / MAC
or actually get access to the gateway it isnt
possible, and on a switched network odds are if you
spoof to that MAC  / IP you will confuse the network
enough to be noticeable

a high gain antenna attached to a laptop / PDA and a
wireless AP such as an internet provider would mount
would give access in some cases up to 17 miles away
with no trace ....without a high gain antenna im
getting ranges of about a half a  mile away ... plus
spoofing to the gateways IP isnt noticeable to anyone
unless they are watching that gateways logs complain
about a duplicate IP /MAC ( yes i did try this on my
own AP )

> 
> Maybe, INAL. But it is illegal to commit fraud with
> the data gathered by
> eavesdropping.
>

and someone after credit card #'s is worried about
legal ?

> 
> Uhm... someone that accesses and uses the data is
> already prosecutable.

point being it is preventable and not being done so
... or at least preventable to a level beyond the
scope of running a program and watching the data flow

netstumbler on windows is quite simple to run

all I am after is raising the level of knowledge
needed to access the data beyond that of an 8 year old
with windows on a laptop running netstumbler and a
wifi card

do u not agree this would be prudent ?

Dan Becker

__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Wireless ISPs
  - From: Frank Knobbe
- Re: [Full-Disclosure] Wireless ISPs
  - From: Scott Taylor
- Re: [Full-Disclosure] Wireless ISPs
  - From: Ron DuFresne

References:
- Re: [Full-Disclosure] Wireless ISPs
  - From: Frank Knobbe

Prev by Date: Re: [Full-Disclosure] Wireless ISPs
Next by Date: Re: [Full-Disclosure] Wireless ISPs
Previous by thread: Re: [Full-Disclosure] Wireless ISPs
Next by thread: Re: [Full-Disclosure] Wireless ISPs
Index(es):
- Date
- Thread