Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Wireless ISP DNS

from [Bart . Lansing] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Wireless ISP DNS
Date: Fri, 28 May 2004 14:06:40 -0500 

Dan,

I don't know if we've progressed beyond hemlock...but we should have 
progressed to MAC filtering, rotating WEP keys, VLANing/IPSECing/VPNing 
traffic...and maybe even to things like using certificates issued to 
wireless devices AND servers to validate them as well.  Nothing is 
foolproof, but there are a lot more layers out there than simple IP 
filtering.  Of course, as always, it is the repsonsibility of those who 
are vulnerable to make themselves less so...but it's not quite as bleak a 
landscape as you paint it to be.

Cheers

Bart Lansing
Manager, Desktop Services
Kohl's IT


full-disclosure-admin@lists.netsys.com wrote on 05/28/2004 12:18:42 PM:


I'm not going to explain the details of networking, I
assume if people subscribe they have a base knowledge.

Exploit: 

Wireless networking is simple to sp00f IPs and it
would be trivial to setup a DNS server on a laptop
then sp00f the IP to match that of the ISPs DNS server
and cause a wee bit of misdirection for the network.

Update Re my wireless "crusade" : I have garnered the
attention of the Illinois States Atty Generals office.
We shall see if people with knowledge are locked up
instead of given hemlock these days, or does anyone
think we have progressed beyond that?

Dan Becker





__________________________________
Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.
http://messenger.yahoo.com/ 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



CONFIDENTIALITY NOTICE: 
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of 
the contents of this message is expressly prohibited.
If you have received this transmission in error, please destroy it and notify 
us immediately at 262-703-7000.

CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the 
right to retrieve and read any message created, sent and received.  Kohl's 
reserves the right to monitor messages by authorized Kohl's Associates at any 
time
without any further consent.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] Re: Bypassing "smart" IDSes with misdirected frames? (long and boring), Mike Frantzen
Next by Date:  RE: [Full-Disclosure] http://www.chase.com/ vulnerability, Schmidt, Michael R.
Previous by Thread:  [Full-Disclosure] Wireless ISP DNS, D B
Next by Thread:  [Full-Disclosure] [ GLSA 200405-24 ] MPlayer, xine-lib: vulnerabilities in RTSP stream handling, Thierry Carrez
Indexes:  [Date] [Thread] [Top] [All Lists]