Aloke Prasad hath wroth:
Good question. No. It won't be detected at all:
Try the test site at:
The problem is that Firefox, IE, Norton, etc. require a list of "known phishing sites" to be effective. Chances that a coffee shop web site was reported and verified to be a phishing site are zero.
Sigh. Another good question. Probably not detectable. The problem with a hacker controlled router at the user end is that there's no way to verify that DNS lookups actually point to the real web site.
You can test the problem easily on your own machine. First, clear the DNS cache with:
  start -> run -> cmd
  ipconfig /flushdns
Under XP or W2K go to the hosts file at:
  C:\WINNT\system32\drivers\etc\hosts
Add a line at the bottom of the hosts file with:
  74.125.19.147
Assumption, the mother of all screwups. In this case, we have to assume that they are professionally administered by a competent service company with an active concern for the security of their customers' data. It would not do to have the lack of adequate protection precipitate an identity theft, and have the customer turn around and sue the provider. I think that's a fair assumption for most large hotspots.
However, it is NOT a good assumption for the do it thyself variety found in hotels, coffee shops, and in particular home users. If you must use one of these, kindly invest in a VPN/SSL/TLS tunneling service:
Or arrange something with your ISP.
You can't. Passive sniffing does not require the sniffer to send any data. If the data moving on the wireless or wired part of the network are unencrypted, sniffing is trivial. Even if the wireless part were encrypted, it would still be possible to sniff the traffic in the backhaul or at the wired connection.
Again, you can't. The government requires ISPs to provide sniffing services to fight crime or some such rubbish.
You'll lose your bet. Most large web sites have a number of gateway servers, all over the world. They're controlled by a load balancer which usually delivers the IP address of a server with minimal utilization for new connection requests. The idea is to prevent users from overloading one server, while another remains under-utilized. This is most often done with DNS redirection, which prevents you from using a static IP address. You can go to a site by IP address, but then there's no guarantee that you won't hit a very busy server, or one that is temporarily down for maintenance or backups. It also gets really complicated if your ISP is running anycast DNS servers, where the IP address of the DNS server can also change.
C:\>nslookup
Default Server:  DD-WRT
Address:  192.168.1.1

> set type=A
>
Non-authoritative answer:
Name:
You can't detect sniffing. Make sure you never send your password in the clear. That means you have to go through a long list of really dumb applications that are not very smart about encrypting passwords. In particular, telnet, ftp, POP3, authenticated SMTP, and various web forms. Take each application INDIVIDUALLY and determine exactly how it deals with passwords. Also realize that your "saved passwords" is a perfect target for hackers. I have 400 passwords, so it's impossible to use unique passwords for all of these accounts. So, divide up the list by priority. Anything that involves a movement of money or might cause problems with identity theft if leaked gets:
- A unique non-dictionary pronounceable password.
- Does NOT get saved on my various machines.
- Is stored on my removable USB dongle. Both the file and the entire dongle are encrypted.
- Backed up to an identical USB dongle and buried in my safe deposit box.
- The really important (banking, finance, medical) passwords get changed regularly.
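
Added example, not part of the original post: the hosts-file test described above works because a local entry silently overrides DNS, so a defender can audit the file for names pinned to publicly routable addresses. The sample text is constructed, `www.example.com` is a placeholder hostname, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in hosts-file format (not taken from a real machine).
# www.example.com is a placeholder; the address is the one used in the post.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net     # sinkhole entry from a blocklist
192.168.1.10    nas.home.lan nas
74.125.19.147   www.example.com     # override of a public name
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments, then split on whitespace.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        # One line may map several names (aliases) to the same address.
        for name in fields[1:]:
            yield line_no, ip, name.lower()

def suspicious_overrides(text):
    """Return mappings that pin a name to a publicly routable address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        # Loopback, 0.0.0.0 sinkholes and LAN addresses are common and benign.
        if ip.is_loopback or ip.is_unspecified or ip.is_private or ip.is_link_local:
            continue
        findings.append((line_no, str(ip), name))
    return findings

if __name__ == "__main__":
    for line_no, ip, name in suspicious_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

To audit a real machine, pass the contents of the hosts file at the path given in the post to `suspicious_overrides` and review each finding by hand.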