[SATLUG] Deli owner wishes to set up own hotspot cheaply
Bruce Dubbs
bruce.dubbs at gmail.com
Sat Sep 1 22:51:50 CDT 2007
Samuel Leon wrote:
> Speaking of security, I have a question. Are there any
> applications/tools available to help prevent people from running ARP
> spoofing attacks inside a wireless lan? I find that this is a common
> method for gathering user names and passwords. There are many simple
> GUI apps out there that make these style of attacks/packet sniffing very
> easy to carry out. There used to be a video on a website of a guy
> running ettercap and sniffing out user names and passwords from various
> SSL protected webmail sites.
I don't know how sniffing at the Link level is any different from the
Network level. If you can read the frames, you can read the packets.
The only difference is the data link header and trailer which has no
security info.
The comment about sniffing names/passwords over SSL just doesn't ring
true. The encryption is done before the packet is encapsulated. The
listener would have to be able to crack the encryption to get any useful
info.
-- Bruce
More information about the SATLUG
mailing list