Full Disclosure mailing list archives

Re: Wireless ISPs

From: D B <geggam692000 () yahoo com>
Date: Tue, 11 May 2004 14:15:54 -0700 (PDT)


--- Frank Knobbe <frank () knobbe us> wrote:

On Tue, 2004-05-11 at 13:33, D B wrote:

All transactions done via secure websites are

secure,

No, they are not. It's just harder to intercept the
data.


The level of knowledge it takes to penetrate a SSL
style transaction puts it beyond most peoples scope of
abilities

A wired internet connection
limits the number of people who have access to

this

data simply by the nature of the internet putting

it

within acceptable risk.


Same can be said for wireless. (Except that the
perimeter of the attack
arena is defined by the wireless emissions instead
of cable runs.)


... look at the aspect of what points does one have to
have access to gain the amount of data on a wired
network in comparison to the same level on a wireless
AP... unless you can spoof to the gateways IP  / MAC
or actually get access to the gateway it isnt
possible, and on a switched network odds are if you
spoof to that MAC  / IP you will confuse the network
enough to be noticeable

a high gain antenna attached to a laptop / PDA and a
wireless AP such as an internet provider would mount
would give access in some cases up to 17 miles away
with no trace ....without a high gain antenna im
getting ranges of about a half a  mile away ... plus
spoofing to the gateways IP isnt noticeable to anyone
unless they are watching that gateways logs complain
about a duplicate IP /MAC ( yes i did try this on my
own AP )


Maybe, INAL. But it is illegal to commit fraud with
the data gathered by
eavesdropping.


and someone after credit card #'s is worried about
legal ?


Uhm... someone that accesses and uses the data is
already prosecutable.


point being it is preventable and not being done so
... or at least preventable to a level beyond the
scope of running a program and watching the data flow

netstumbler on windows is quite simple to run


all I am after is raising the level of knowledge
needed to access the data beyond that of an 8 year old
with windows on a laptop running netstumbler and a
wifi card

do u not agree this would be prudent ?


Dan Becker




        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Wireless ISPs D B (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
  - Re: Wireless ISPs D B (May 11)
    - Re: Wireless ISPs Frank Knobbe (May 11)
    - Re: Wireless ISPs Scott Taylor (May 11)
    - Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs Maarten (May 11)
  - Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Konstantin Gavrilenko (May 11)
- <Possible follow-ups>
- Re: Wireless ISPs D B (May 11)
  - Re: Wireless ISPs Sean Milheim (May 11)
    - Re: Wireless ISPs Jeff Workman (May 11)
    - Re: Wireless ISPs Maarten (May 11)

(Thread continues...)