Home page logo

pauldotcom logo PaulDotCom mailing list archives

Man-in-the-middle awareness....(+defcon17)
From: irongeek at irongeek.com (Adrian Crenshaw)
Date: Tue, 2 Jun 2009 22:13:59 -0400

Hi Brian,
      DecaffeinatID is more of an IDS. It does nothing to block anything.

On Tue, Jun 2, 2009 at 9:34 PM, Brian H <binarynomad at gmail.com> wrote:

[REPOST APOLOGY]: Sorry if this is a repost, I never saw my original
message hit the list, so I'm trying again.

I just finished watching Adrian's "Hacker Con WiFi Hijinx Video:
Protecting Yourself On Potentially Hostile Networks " which was fun,
and I was happily surprised to see he had started development of an
user end IPS "DecaffeinatID".  It reminded me of  the "Hot Spot
Defense Kit" from the Shmoo group.  Ever since I saw it during a
Defcon presentation, I loved it and I thought it should pretty much be
a standard install with any wireless workstation.  Sadly no
development seems to have gone past that


proof of concept.  It was
useful for Tiger installs, but nothing since.

With the advent of so many MiTM tools out there, it seems that there
are so few defensive ones.  I'm not a programmer, but it just seems so
surprising that more of these haven't been developed.  I realize that
ARP is only one attack vector, and that DNS and DHCP spoofing can also
be employed, but this just seems to be the easy, low hanging fruit
that hasn't been picked off yet.

One's I know of:

- Windows - decaffeinatid - beta development - promising outlook
- Macintosh - Hot Spot Defense Kit (HSDK) - no development - Broken in
Leopard (10.5)
- Macintosh - ArpSpyX - current development? - just found it, have yet
to test
- Linux - Arpwatch - current development - basic command line, not
widget/desktop friendly

What are your experiences on host based protection from MiTM attacks?

Also, speaking of hostile networks, how many people are heading to
Defcon17?  Any possibilities for a meet up?

Brian H
binarynomad at gmail.com
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090602/c8d771d3/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]