[SATLUG] OT: Router-related question

Henry Pugsley henry.pugsley at gmail.com
Wed Feb 10 18:49:07 CST 2010

There are several appliances that proxy HTTPS by basically doing a
man-in-the-middle attack that is virtually undetectable in the browser. If
Cisco and RSA can figure it out, so can a dedicated cracker fishing for bank

Combine DNS spoofing and an SSL attack and your browser will happily show a
green padlock for any valid SSL certificate.  DNS is not authenticated in
any way and is cleartext.

Allowing someone access to layer1 of your network and depending on layer2-7
security to keep you safe is playing with fire.


On Feb 10, 2010 5:04 PM, "Daniel J. Givens" <daniel at rugmonster.org> wrote:

On Wed, 10 Feb 2010 16:15:28 -0600, redpill <toddwbucy at grandecom.net>

> Once your on the network you don't need to get to your laptop or any
> other host. Just wait for ...
That's what HTTPS is for. Anything sensitive traversing the network should
be sent via encrypted connections.


SATLUG mailing list
SATLUG at satlug.org

More information about the SATLUG mailing list