[ previous ] [ next ] [ threads ]
 From:  Steve Bertrand <steve at ibctech dot ca>
 To:  Mohammed Ismail <m dot ismael at gmail dot com>
 Cc:  'Lee Sharp' <leesharp at hal dash pc dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Fri, 01 May 2009 08:41:28 -0400
Mohammed Ismail wrote:

> Yes you are right, I had a friend of mine was able to connect through
> wireless AP connected to mikrotik, he was able to sniff other client's
> username and password for hotspot login.

Using SSL for the login page will fix that...

> Nothing is secured 100% , but people like my friend are not much out there,

...don't bet on that. Freely available tools and online "howto's" are
readily available to make anyone with a computer dangerous. It is the
people who _don't_ know about networking that blindly use these
point-and-click tools on other peoples networks who are dangerous.

The well experienced network experts are the ones who will surgically
infiltrate your network, get whatever they need, and leave without ever
leaving a trace behind.

> So you are safe as long they are away from you.

If you have 100+ users across 20 buildings, I assure you that you need
to be concerned about internal security.

If you really do have 20 switches in 20 buildings, then surely your
company can afford to replace a few of them with managed gear.

At a minimum, you can buy Cisco 2950's on eBay for < $100 USD. They will
get you started, and even three of them in good locations will at least
minimize any impact an intruder might have (in the ARP Poison context).

Your better bet would be replace all 20 switches with managed ones, and
then you _could_ protect each client, and at the same time give you new
opportunities to re-design your broadcast domain into smaller, more
manageable purpose-built ones.

> Most people uses Switch Sniffer and Cain or winarp spoofer and netcut
> Plus womrs. 

Perhaps you are right, _most_ people likely do use those tools, but
knowledgeable people who require such tools for troubleshooting use
tcpdump, nmap, ettercap, hping2, scapy etc ;)