Re: Strange SSID in the air...
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Sat, 21 Jul 2007 08:57:32 -0700
Aloke Prasad <aprasad123@xxxxxxxxxxxxxxxxxxxxxxx> hath wroth:
> How would one get a boatful of viruses simply by using an unsecured
> network?
Sigh. If I tell you how it can be done, everyone and his brother, the
script kiddie, is going to be doing the same thing. I really don't
want to be responsible for all the damage that can be done and this is
not the proper place to be discussing exploits in detail.
However, I'll give you a general clue. Think about URL redirection
(splash page) in the router pointing to a rogue web site or server.
Also, open shares. Remember that since *YOUR* router is now owned by
the evil hacker, there's much more that can be done than on some
random web site on the internet. In effect, the evil router is the
"man in the middle".
> I am assuming that one is not indulging in unsafe hex, like
> visiting seamy sites or downloading questionable applications etc.
No, it's much easier than that. Incidentally, most of the pioneering
work on what can be done with web pages was done by porno web site
designers.
> If I disable file and printer sharing, enable Windows firewall, and use
> an updated antivirus, will I be safe when using public Wi-Fi networks?
That covers about 80% of the possible attacks. It will not protect
you against phishing (counterfeit web sites), password sniffing (in
the router), simple trickery, DNS redirection, or a few other things I
don't wanna get into. Again, remember that the evil hacker owns
*YOUR* router (or rather the router that you're using). That opens up
many possibilities.
> My question is basically: If I simply connect to such a network, will my
> laptop automatically get filled with virus/spyware etc? Or do I have to
> do something stupid while using the network to allow this to occur?
You are probably safe with the security measures mentioned against
everything except password sniffing and faked web sites. In the case
of password sniffing, you don't have to do anything. In the case of
fake web sites, you have to click on something. I don't really want
to describe what my customer did to get a bunch of viruses (actually a
downloader) installed. I'm afraid many of us would have done the same
thing.
> Aloke
Here's a cute example. When you sign up for Comcast service, the CMTS
delivers a rather interesting DNS server. It doesn't matter what you
try to look up, it always points to the Comcast service signup site.
Now pretend that instead of always pointing to the legitimate site, I
set up a static DNS table that points various ecommerce or banking
sites to my handy phishing web server. To you, it looks like
everything is working just fine as most other sites work normally.
However, when you try to do some banking, you get redirected to the
fake site. Whether you can detect the fake site is largely dependent
on your attention to detail and alarms. Most people will not notice
and simply inscribe their login and password.
In short, this potential for abuse and similar potential problems is
why I don't use many private open wireless access points very much.
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
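
A defensive check for the two DNS behaviours described in the message above (a resolver that answers every lookup with one site, and a static table that rewrites only selected names), added here as an illustration and not part of the original post. The function names, the `known_good` table and the sample hostnames and addresses are assumptions constructed for the example.

```python
import secrets
import socket

def system_resolver(name):
    """Addresses the OS resolver returns for name; empty set if none."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_dns(resolve, known_good):
    """Compare a resolver's answers with answers recorded on a trusted network.

    resolve:    callable, hostname -> set of address strings
    known_good: dict, hostname -> set of addresses seen on a trusted network
    Returns a list of (kind, detail) findings; empty means nothing odd seen.
    """
    findings = []

    # 1. A random name under the reserved .invalid TLD must never resolve.
    #    If it does, the resolver answers for everything (splash-page style).
    canary = secrets.token_hex(8) + ".invalid"
    if resolve(canary):
        findings.append(("wildcard", canary))

    answers = {name: resolve(name) for name in known_good}

    # 2. Unrelated sites that all share one address point at a catch-all host.
    answered = [addrs for addrs in answers.values() if addrs]
    if len(answered) >= 2:
        shared = set.intersection(*answered)
        if shared:
            findings.append(("catch-all", ",".join(sorted(shared))))

    # 3. A static table that rewrites only selected names: the answer has
    #    nothing in common with what the trusted network returned.
    for name, addrs in answers.items():
        if addrs and not (addrs & known_good[name]):
            findings.append(("pinned-mismatch", name))
    return findings

# Constructed sample data (documentation address ranges, not real sites).
TRUSTED = {
    "shop.example": {"198.51.100.10"},
    "bank.example": {"203.0.113.20"},
    "news.example": {"192.0.2.30"},
}
```

Run it as `check_dns(system_resolver, table)` with a table recorded at home. Sites behind CDNs rotate addresses legitimately, so a `pinned-mismatch` is a reason to inspect the site's TLS certificate before logging in, not proof of redirection.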