Re: Strange SSID in the air...
- From: Aloke Prasad <aprasad123@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 22 Jul 2007 15:14:51 -0400
Jeff Liebermann wrote:
> Aloke Prasad <aprasad123@xxxxxxxxxxxxxxxxxxxxxxx> hath wroth:
>> How would one get a boatful of viruses simply by using an unsecured network?
>
> Sigh. If I tell you how it can be done, everyone and his brother, the
> script kiddie, is going to be doing the same thing. I really don't
> want to be responsible for all the damage that can be done and this is
> not the proper place to be discussing exploits in detail.
> However, I'll give you a general clue. Think about URL redirection
> (splash page) in the router pointing to a rogue web site or server.
> Also, open shares. Remember, that since *YOUR* router is now owned by
> the evil hacker, there's much more that can be done than on some
> random web site on the internet. In effect, the evil router is the
> "man in the middle".

URL redirection: will some of the anti-phishing features in Firefox or IE7 help in this case? This is a serious problem if people are unable to detect this on a public network.
How can I verify if any of this is happening on my home network (with the cable modem assigning Gateway+DNS to the Linksys router etc.)?
....
>> If I disable file and printer sharing, enable Windows firewall, and use an updated antivirus, will I be safe when using public Wi-Fi networks?
>
> That covers about 80% of the possible attacks. It will not protect
> you against phishing (counterfeit web sites), password sniffing (in
> the router), simple trickery, DNS redirection, or a few other things I
> don't wanna get into. Again, remember that the evil hacker owns
> *YOUR* router (or rather the router that you're using). That opens up
> many possibilities.

Is the "Evil hacker owning the router" scenario applicable for public routers at airports, Starbucks etc.? While those are administered by professionals (I hope), I suppose it is safest to assume that they could be compromised.
How do I detect password sniffing in the (public) router? I'm assuming that this will not happen on my home router (WRT54GS). What about my ISP's router? How do I detect password sniffing in general?
>> My question is basically: If I simply connect to such a network, will my laptop automatically get filled with virus/spyware etc.? Or do I have to do something stupid while using the network to allow this to occur?
>
> You are probably safe with the security measures mentioned against
> everything except password sniffing and faked web sites. In the case
> of password sniffing, you don't have to do anything. In the case of
> fake web sites, you have to click on something. I don't really want
> to describe what my customer did to get a bunch of viruses (actually a
> downloader) installed. I'm afraid many of us would have done the same
> thing.

What if I save a bunch of bookmarks (like the bank's login page) with IP addresses instead of domain names? I bet the IP addresses of commercial pages don't change that often.
Password sniffing has me worried, though. How to detect/deal with that?
Aloke
--
remove the numbers and invalid to e-mail me