[YLUG] Solving a general wireless security problem
Arthur Clune
arthur at clune.org
Mon Jun 9 22:26:48 BST 2008
On 9 Jun 2008, at 20:50, mike cloaked wrote:
> So the question is: How can a knowledgeable linux laptop user set up
> his laptop to prevent such a man-in-the-middle attack via a spoofed
> open AP? I never run wireless connections to Open APs but many do of
> course.

In general you can't prevent MiM attacks, only detect them, e.g. you
can't stop someone ARP spoofing the router on your local network (your
switch can but you can't), but you can detect the change of MAC of the
gateway.

Similarly for the situation you envisage: you should be able to spot
the change/lack of certificate for the bank (the most obvious and easy
thing to spot) and then run away very fast.

If you're in a coffee shop you've never been to before and using an
open network (so no certificate to check for the network itself),
certificate checks on the sites themselves are the best bet.

You can also check for the same network appearing on multiple
channels, but this can be legitimate (though it's not likely in your
local coffee shop!)

Arthur
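
Added example, not part of the original message: one way a Linux laptop could watch for the gateway MAC change mentioned above, by reading the kernel's routing and ARP tables. The function names, the network label "home" and the sample table contents are assumptions constructed for illustration; on a real machine the two text inputs would come from /proc/net/route and /proc/net/arp.

```python
import socket
import struct

# Constructed sample data in the formats of /proc/net/route and /proc/net/arp.
ROUTE = """Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
wlan0\t00000000\t0101A8C0\t0003\t0\t0\t600\t00000000\t0\t0\t0
wlan0\t0001A8C0\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0
"""
ARP_BEFORE = """IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.23     0x1         0x2         66:77:88:99:aa:bb     *        wlan0
"""
# Constructed "after" state: the gateway IP now resolves to another host's MAC.
ARP_AFTER = ARP_BEFORE.replace("00:11:22:33:44:55", "66:77:88:99:aa:bb")

def default_gateway(route_text):
    """Return (ip, iface) of the default route, or None if there is none."""
    for line in route_text.splitlines()[1:]:
        f = line.split()
        # Destination 00000000 with the gateway flag (0x2) is the default route.
        if len(f) >= 4 and f[1] == "00000000" and int(f[3], 16) & 0x2:
            # Assumes a little-endian host (x86, most ARM): hex is byte-reversed.
            return socket.inet_ntoa(struct.pack("<L", int(f[2], 16))), f[0]
    return None

def arp_entries(arp_text, iface):
    """Map IP -> MAC for complete (flag 0x2) ARP entries on one interface."""
    out = {}
    for line in arp_text.splitlines()[1:]:
        f = line.split()
        if len(f) == 6 and f[5] == iface and int(f[2], 16) & 0x2:
            out[f[0]] = f[3].lower()
    return out

def check_gateway(baseline, network, route_text, arp_text):
    """Compare the gateway MAC with the one remembered for this network label."""
    gw = default_gateway(route_text)
    if gw is None:
        return "no-default-route"
    ip, iface = gw
    table = arp_entries(arp_text, iface)
    mac = table.get(ip)
    if mac is None:
        return "unresolved"
    # The first sighting on a network is remembered; later ones are compared.
    if baseline.setdefault(network, mac) != mac:
        return "changed"
    # The gateway's MAC also answering for another IP deserves a look as well.
    shared = [i for i, m in table.items() if m == mac and i != ip]
    return "shared-mac" if shared else "ok"
```

The baseline is keyed by a network label because the same gateway address legitimately has different MACs on different networks; a "changed" result is a prompt to investigate, since replaced router hardware produces it too.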