Strange SSID in the air...

Aloke Prasad hath wroth:

Good question. No. It won't be detected at all:

Try the test site at:

The problem is that Firefox, IE, Norton, etc. require a list of "known phishing sites" to be effective. Chances that a coffee shop web site was reported and verified to be a phishing site are zero.

Sigh. Another good question. Probably not detectable. The problem with a hacker-controlled router at the user end is that there's no way to verify that DNS lookups actually point to the real web site.

You can test the problem easily on your own machine. First, clear the DNS cache with:

    start -> run -> cmd
    ipconfig /flushdns

Under XP or W2K go to the hosts file at:

    C:\WINNT\system32\drivers\etc\hosts

Add a line at the bottom of the hosts file with:

    74.125.19.147

formatting link
The IP address is one of Google's many servers. Now, fire up your favorite browser and go to:
formatting link
What? You went to Google instead. No warning, no indication that it's been redirected, and everything looks just fine. Note that some anti-virus and anti-spyware programs will detect changes to the hosts file, but that's not the point. This is just a simulation of what can be done by manipulating DNS. If this were the real thing, the changes would be made in the router, where the anti-whatever program would not be able to see or detect anything. When you're done tinkering and testing, run:

    ipconfig /flushdns

to clear the bogus entries from your machine.

Assumption, the mother of all screwups. In this case, we have to assume that they are professionally administered by a competent service company with an active concern for the security of their customers' data. It would not do to have the lack of adequate protection precipitate an identity theft, and have the customer turn around and sue the provider. I think that's a fair assumption for most large hotspots.

However, it is NOT a good assumption for the do it thyself variety found in hotels, coffee shops, and in particular home users. If you must use one of these, kindly invest in a VPN/SSL/TLS tunneling service:

Or arrange something with your ISP.

You can't. Passive sniffing does not require the sniffer to send any data. If the data moving on the wireless or wired part of the network are unencrypted, sniffing is trivial. Even if the wireless part were encrypted, it would still be possible to sniff the traffic in the backhaul or at the wired connection.

Again, you can't. The government requires ISPs to provide sniffing services to fight crime or some such rubbish.

You'll lose your bet. Most large web sites have a number of gateway servers, all over the world. They're controlled by a load balancer which usually delivers the IP address of a server with minimal utilization for new connection requests. The idea is to prevent users from overloading one server, while another remains under-utilized. This is most often done with DNS redirection, which prevents you from using a static IP address. You can go to a site by IP address, but then there's no guarantee that you won't hit a very busy server, or one that is temporarily down for maintenance or backups. It also gets really complicated if your ISP is running anycast DNS servers, where the IP address of the DNS server can also change.

    C:\>nslookup
    Default Server:  DD-WRT
    Address:  192.168.1.1

    > set type=A
    > formatting link
    Server:  DD-WRT
    Address:  192.168.1.1

    Non-authoritative answer:
    Name:    formatting link
    Addresses:  74.125.19.147, 74.125.19.104, 74.125.19.99, 74.125.19.103
    Aliases:  formatting link

4 different IP addresses for Google. If I try it later tonite, it will probably be a different collection.

You can't detect sniffing. Make sure you never send your password in the clear. That means you have to go through a long list of really dumb applications that are not very smart about encrypting passwords. In particular, telnet, ftp, POP3, authenticated SMTP, and various web forms. Take each application INDIVIDUALLY and determine exactly how it deals with passwords. Also realize that your "saved passwords" is a perfect target for hackers. I have 400 passwords, so it's impossible to use unique passwords for all of these accounts. So, divide up the list by priority. Anything that involves a movement of money or might cause problems with identity theft if leaked gets:

  1. A unique non-dictionary pronounceable password.
  2. Does NOT get saved on my various machines.
  3. Is stored on my removable USB dongle. Both the file and the entire dongle are encrypted.
  4. Backed up to an identical USB dongle and buried in my safe deposit box.
  5. The really important (banking, finance, medical) passwords get changed regularly.
Reply to
Jeff Liebermann
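
The hosts-file test described in the post above leaves an entry that a local audit can find. The following is an added example, not part of the original post: a small parser that lists every name a hosts file pins to a routable address. The sample file and the `bank.example` names are constructed placeholders. As the post points out, this only catches the local simulation; a redirect made in the router never touches this file.

```python
import ipaddress

# Constructed sample: a hosts file after a redirect test like the one in the post.
# The hostnames are placeholders, not values taken from the thread.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
74.125.19.147   bank.example www.bank.example   # added for the test
0.0.0.0         ads.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (findings, errors).

    findings: (line number, ip, name) for each name pinned to a routable address.
    errors:   (line number, raw line) for lines that do not parse as 'ip name...'.
    """
    findings, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, raw))
            continue
        if len(fields) < 2:                   # address with no hostname
            errors.append((lineno, raw))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost entries and 0.0.0.0 sinkholes redirect nothing
        for name in fields[1:]:               # one line may carry several names
            findings.append((lineno, str(ip), name.lower()))
    return findings, errors


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for lineno, ip, name in found:
        print(f"line {lineno}: {name} is forced to {ip}")
    for lineno, raw in bad:
        print(f"line {lineno}: unparseable entry: {raw!r}")
```

To audit a real machine, pass the contents of its hosts file to `audit_hosts` instead of `SAMPLE_HOSTS`.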

Gee.. You have taken all the fun out of using WiFi on the road :-)

Seriously, thanks for all your replies. It has been a learning experience.

Aloke


Reply to
Aloke Prasad

Aloke Prasad hath wroth:

Well, I use wireless on the road. However, I cheat. I have a VPN or PPTP termination on my office router, home router, and various ISPs. Here's an example of one ISP's setup:

Everything outside the tunnel is encrypted and un-sniffable. Doing this to my home or office router is a problem due to limited outgoing bandwidth. It's really slow. However, for just checking if some email I was expecting, it's fine.

Thanks. If you understand how such things work, you can easily avoid problems. If you just trust in the odds, in luck, or in marginal security suggestions, without an understanding of how it works, you're going to have a problem. The problem is that the various layers, acronyms, protocols, add-ons, shims, supplicants, AAA, and buzzwords are becoming very difficult to absorb. I've been doing this for a long time, so I get to absorb new things in small bites. Someone just getting started gets instantly overwhelmed. Learning is a good thing, but don't blame yourself if it goes together like a bad jigsaw puzzle.

Reply to
Jeff Liebermann
