Re: [PLUG] Wpa2 oops

Rich Freeman on 16 Oct 2017 05:37:13 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Wpa2 oops

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Wpa2 oops
Date: Mon, 16 Oct 2017 05:37:04 -0700
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to; bh=QbYJVxW495g1Vs5nBZzMoidhPiRVkJq9Z0XqNFCHptY=; b=gkMQ8gj7vBmWFcv8vI6WcIx5zZncB8jmDOwj70A+WsSJ1wrewn0dDMy3TOJUdiIPyk Go71hQSMTZhDym4HV8OFNh5RekjIo8R3YDof1AzYdyDKs0hb6rOO3II0NDF6ew49e6r5 fmEDNqzgFTymBoEK/+eO8GaTePvq9ruGWNrTjSKp9vXIZkmtwpsW+oycZrxjt+IOVRcN kPqXdWDm4fPc7RdUyGusz+2+UJDcCyXAz/kZmkAopqTXofmhLixaU8K6Wv2rFIZef+fh Wo+OCWwIncX+pVN2p8RQHsSpY1rfp+wzpfkVY5I402kBQXFXRRtMZZg/18OU23p3gfAt pjgA==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Mon, Oct 16, 2017 at 12:44 AM, Paul Walker <pjwalker76@gmail.com> wrote:
> https://www.eff.org/https-everywhere
>

That obviously it goes a long way, though it is limited to https via a
browser with a plugin, which isn't the only traffic your device is
going to send over WiFi.

If you connect to a coffee shop AP somebody might play with your DHCP
handshake so that you end up being directed to a hostile DNS server.
I don't think DNS itself is authenticated in typical use, so they
could probably also tamper with that even if they don't send you to
their server.

The one question I have about this is whether somebody can use this
attack to connect to an AP.  That is actually my biggest concern -
somebody connecting to my home WiFi and now they're free to attack
random hosts (some more secure than others), and also to send
heaven-knows-what to the internet at large with my door being the one
the FBI kicks down at 2AM.

It also sounds like this is a problem with the protocol itself - just
patching my routers/etc isn't going to help me, as I'd basically need
a "WPA3" that is incompatible with everything I already own.

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Wpa2 oops
  - From: KP <kperry@daotechnologies.com>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>

References:
- [PLUG] Wpa2 oops
  - From: jeffv <jeffv@op.net>
- Re: [PLUG] Wpa2 oops
  - From: brent timothy saner <brent.saner@gmail.com>
- Re: [PLUG] Wpa2 oops
  - From: Paul Walker <pjwalker76@gmail.com>

Prev by Date: Re: [PLUG] Wpa2 oops
Next by Date: [PLUG] [plug-announce] REMINDER: Tonight, Mon, Oct 16, 2017: PLUG West - "Object Storage 101" by Andy Wojnarek
Previous by thread: Re: [PLUG] Wpa2 oops
Next by thread: Re: [PLUG] Wpa2 oops
Index(es):
- Date
- Thread