Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Re: Sneaking a peek on Wlan in airports
From: killy <killfactory () gmail com>
Date: Fri, 18 May 2007 10:28:59 -0400

ROFL, that is exactly what I was thinking.

This is a sticky situation really.

Jason,

I have not always agreed with the idea that this is intercepting communications.

If you were to do an arp poisoning or someother MITM ;) attack, then
yes i agree that that is intercepting.

But if you are in promiscuous mode wirelessly, that is kind of like
over hearing a conversation happening in an elevator.

I know that may not stand up in court, but I have always thought that.

Now with that being said, to run some HIDS on you wireless connection
is almost the same right?

So, to protect my self I run in promiscuous mode and I have to evalute
the traffic that is broadcasting and being received by my NIC. I
didn't ask for the traffic to touch my NIC, but it does. So, now a
flase positive is triggered and packets are logged. Not that false
positives ever happen ;-). So am I now in trouble because I picked up
some SMB traffic and it was inaccurately logged and maybe I logged a
sensitive file being transfered?

Maybe I am just a wacko..lol

But this is a fun topic.

-kill

On 5/17/07, alan <alan () clueserver org> wrote:
On Thu, 17 May 2007, ebk_lists () hotmail com wrote:

> I agree wholeheartedly with this view.
>
> Not much else to say!
>
> If you really feel it is necessary, than trying to advise the person/company of the issue anonymously is an option. 
Depending on the nature and severity of the issue.

Maybe the airport needs a "Wall of Sheep".

--
"ANSI C says access to the padding fields of a struct is undefined.
ANSI C also says that struct assignment is a memcpy. Therefore struct
assignment in ANSI C is a violation of ANSI C..."
                                  - Alan Cox

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------




--
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault