[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-Disclosure] Wireless ISP DNS
From: Bart.Lansing () kohls ! com
Date: 2004-05-28 19:06:40
Message-ID: OF151F5888.DFD7298D-ON86256EA2.00688515-86256EA2.0068FB03 () kohls ! com
[Download RAW message or body]
This is a multipart message in MIME format.
--=_alternative 0068FB0286256EA2_=
Content-Type: text/plain; charset="US-ASCII"
Dan,
I don't know if we've progressed beyond hemlock...but we should have
progressed to MAC filtering, rotating WEP keys, VLANing/IPSECing/VPNing
traffic...and maybe even to things like using certificates issued to
wireless devices AND servers to validate them as well. Nothing is
foolproof, but there are a lot more layers out there than simple IP
filtering. Of course, as always, it is the repsonsibility of those who
are vulnerable to make themselves less so...but it's not quite as bleak a
landscape as you paint it to be.
Cheers
Bart Lansing
Manager, Desktop Services
Kohl's IT
full-disclosure-admin@lists.netsys.com wrote on 05/28/2004 12:18:42 PM:
> I'm not going to explain the details of networking, I
> assume if people subscribe they have a base knowledge.
>
> Exploit:
>
> Wireless networking is simple to sp00f IPs and it
> would be trivial to setup a DNS server on a laptop
> then sp00f the IP to match that of the ISPs DNS server
> and cause a wee bit of misdirection for the network.
>
> Update Re my wireless "crusade" : I have garnered the
> attention of the Illinois States Atty Generals office.
> We shall see if people with knowledge are locked up
> instead of given hemlock these days, or does anyone
> think we have progressed beyond that?
>
> Dan Becker
>
>
>
>
>
> __________________________________
> Do you Yahoo!?
> Friends. Fun. Try the all-new Yahoo! Messenger.
> http://messenger.yahoo.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
CONFIDENTIALITY NOTICE:
This is a transmission from Kohl's Department Stores, Inc.
and may contain information which is confidential and proprietary.
If you are not the addressee, any disclosure, copying or distribution or use of the contents of \
this message is expressly prohibited. If you have received this transmission in error, please \
destroy it and notify us immediately at 262-703-7000.
CAUTION:
Internet and e-mail communications are Kohl's property and Kohl's reserves the right to \
retrieve and read any message created, sent and received. Kohl's reserves the right to monitor \
messages by authorized Kohl's Associates at any time without any further consent.
--=_alternative 0068FB0286256EA2_=
Content-Type: text/html; charset="US-ASCII"
<br><font size=2 face="sans-serif">Dan,</font>
<br>
<br><font size=2 face="sans-serif">I don't know if we've progressed beyond
hemlock...but we should have progressed to MAC filtering, rotating WEP
keys, VLANing/IPSECing/VPNing traffic...and maybe even to things like using
certificates issued to wireless devices AND servers to validate them as
well. Nothing is foolproof, but there are a lot more layers out there
than simple IP filtering. Of course, as always, it is the repsonsibility
of those who are vulnerable to make themselves less so...but it's not quite
as bleak a landscape as you paint it to be.</font>
<br>
<br><font size=2 face="sans-serif">Cheers</font>
<br>
<br><font size=2 face="sans-serif">Bart Lansing<br>
Manager, Desktop Services<br>
Kohl's IT<br>
</font>
<br>
<br><font size=2><tt>full-disclosure-admin@lists.netsys.com wrote on 05/28/2004
12:18:42 PM:<br>
<br>
> I'm not going to explain the details of networking, I<br>
> assume if people subscribe they have a base knowledge.<br>
> <br>
> Exploit: <br>
> <br>
> Wireless networking is simple to sp00f IPs and it<br>
> would be trivial to setup a DNS server on a laptop<br>
> then sp00f the IP to match that of the ISPs DNS server<br>
> and cause a wee bit of misdirection for the network.<br>
> <br>
> Update Re my wireless "crusade" : I have garnered the<br>
> attention of the Illinois States Atty Generals office.<br>
> We shall see if people with knowledge are locked up<br>
> instead of given hemlock these days, or does anyone<br>
> think we have progressed beyond that?<br>
> <br>
> Dan Becker<br>
> <br>
> <br>
> <br>
> <br>
> <br>
> __________________________________<br>
> Do you Yahoo!?<br>
> Friends. Fun. Try the all-new Yahoo! Messenger.<br>
> http://messenger.yahoo.com/ <br>
> <br>
> _______________________________________________<br>
> Full-Disclosure - We believe in it.<br>
> Charter: http://lists.netsys.com/full-disclosure-charter.html<br>
</tt></font>
<table><tr><td bgcolor=#ffffff><font color=#000000>CONFIDENTIALITY NOTICE: <br>This is a \
transmission from Kohl's Department Stores, Inc.<br>and may contain information which is \
confidential and proprietary.<br>If you are not the addressee, any disclosure, copying or \
distribution or use of the contents of this message is expressly prohibited.<br>If you have \
received this transmission in error, please destroy it and notify us immediately at \
262-703-7000.<br><br>CAUTION:<br>Internet and e-mail communications are Kohl's property and \
Kohl's reserves the right to retrieve and read any message created, sent and received. Kohl's \
reserves the right to monitor messages by authorized Kohl's Associates at any time<br>without \
any further consent.<br></font></td></tr></table>
--=_alternative 0068FB0286256EA2_=--
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic