Bill East on 24 Dec 2008 13:59:16 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] https and wireless computing




On 12/24/08, Toby DiPasquale <toby@cbcg.net> wrote:

There are two problems with this attack working in real life, however:
<snip>

2. While DNS spoofing is somewhat possible, IP spoofing is difficult
to pull off in real life and I can't imagine that ARP poisoning could
work on a wireless link. This is because ARP poisoning requires that
the victim *only receive* the ARP responses from the attacker, not the
real source, and there's no way to ensure that on a wireless link. IP
spoofing is difficult for similar reasons: the computer with that IP
"for real" could very well respond before the attacker.

I'll add in, if you are on the road you could be at risk. An attacker spoofing a legitimate Wifi point (or simply leaving an open network in a tempting location, like close to a Star$s) can allow all traffic to pass through except for FooBank Ltd., this traffic gets routed to the attacker's phishing site (his network, his DNS). As far as SSL MITM, I saw a couple years back where the fraudster directed victims to "click on our secured link" - said link of course was not https; the attacker simply put a graphic of the IE "lock" icon on the bottom of his page. It took me one or two looks to figure out what was wrong with it, the first time.
 

In short, your real-world exposure to this particular attack is very
small, at best. Does this answer your question?

I agree with you there. Criminals go for low-hanging fruit first.


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug