Re: Public Access WIFI Security
From: Hairy One Kenobi (abuse_at_[127.0.0.1)
Date: 09/30/05
- Previous message: Steve Welsh: "Re: Students' computers..."
- In reply to: teh Mephisto: "Re: Public Access WIFI Security"
- Next in thread: Technomage Hawke: "Re: Public Access WIFI Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 30 Sep 2005 09:35:34 GMT
"teh Mephisto" <dont.worry@bout.it> wrote in message
news:LXT_e.76500$Jp.2279820@twister.southeast.rr.com...
> Hairy One Kenobi wrote:
> > "teh Mephisto" <dont.worry@bout.it> wrote in message
> > news:iTI_e.11399$ua.515214@twister.southeast.rr.com...
<snip>
> > Incidentally, and in case you hadn't noticed, the Internet itself is..
um..
> > a shared public service. Any privacy you happen to gain from someone
else's
> > routing table is pretty much a side-benefit.
> >
> > Coming up next.. blutooth it am teh sc4ry!!!1!!!
> >
> > ;o)
> >
>
> Now that everyone uses switches, its a lot better than it used to be.
> WIFI is still ran just like a hub, where everyone connected can see
> everything you are doing.
>
> Sure there are still some hubs around but noones stupid enough to put
> them up where it really matters.
Erm, actually "they" do. Both genuine hubs and switches configured
for-a-purpose.
The purpose is usually the same sort of load balancing used by Windows
(NLBS, or WLBS as it used to be called). It uses MAC spoofing (MS borged a
company); this doesn't always work on particular Cisco switches, even when
they've been set to bridge ports (which is the other case you'll commonly
see. Damned hard to sniff or run an IDS without this sort of facility -
although you have to be careful that it can handle the sort of traffic that
you're likely to see, particularly if you're on/near the backbone.).
I have a military customer that ended up doing this - it was cheaper to
recycle an old hub than to buy a new switch that actually did what it was
supposed to (bearing in mind that the selected switch /should/ have had the
capabilities, but might have broken one of their other security rules.
They're a customer; they get to do it they was they want <shrug>)
These sort of configs tend to be where you *really* need load-balancing
(i.e. at the very heart of "where it really matters")
In my case, I just have the two hubs - one sits on the Cable Modem
connection at home (so that I can simply plug-in a sniffer or firewall
tester); the other is my "network in a bag" that travels with me on-site. UK
companies generally don't let you plug into their networks, these days, so
it's a useful last resort for data transfer if we already have someone
there. Or if I end up running software that's licensed by MAC address -
modern laptops switch you between different NICs, which buggers all that up.
Must get around to making one of those "key" thingummies that you used to be
able to buy.
H1K
- Previous message: Steve Welsh: "Re: Students' computers..."
- In reply to: teh Mephisto: "Re: Public Access WIFI Security"
- Next in thread: Technomage Hawke: "Re: Public Access WIFI Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
