[SATLUG] Deli owner wishes to set up own hotspot cheaply

[Samuel Leon]

Bruce Dubbs wrote:
> Samuel Leon wrote:
>
>   
>> Speaking of security, I have a question.  Are there any
>> applications/tools available to help prevent people from running ARP
>> spoofing attacks inside a wireless lan?  I find that this is a common
>> method for gathering user names and passwords.  There are many simple
>> GUI apps out there that make these style of attacks/packet sniffing very
>> easy to carry out.  There used to be a video on a website of a guy
>> running ettercap and sniffing out user names and passwords from various
>> SSL protected webmail sites.  
>>     
>
> I don't know how sniffing at the Link level is any different from the
> Network level.  If you can read the frames, you can read the packets.
> The only difference is the data link header and trailer which has no
> security info.
>
> The comment about sniffing names/passwords over SSL just doesn't ring
> true.  The encryption is done before the packet is encapsulated.  The
> listener would have to be able to crack the encryption to get any useful
> info.
>
>   -- Bruce
>   

Not sure I follow your link level vs network level comment.  Maybe I 
will have to pull out my ccna book...

As far as the SSL sniffing, the encryption is not really cracked.  A 
fake certificate is sent to the victim.  From the ettercap man page:

"SSL MITM ATTACK
       While performing the SSL mitm attack, ettercap substitutes the 
real ssl
       certificate with its own. The fake certificate is created  on  
the  fly
       and  all  the fields are filled according to the real cert 
presented by
       the server. Only the issuer is modified and signed with the 
private key
       contained  in  the etter.sll.crt file. If you want to use a different
       private key you have to regenerate this file"

I haven't figure out how to do it yet though.

Sam