On Tuesday 14 June 2005 19:13, Ronny wrote: > >Maximum protection against what? Who? > > the bad guys including the ISP it'self :-)
And whose responsibility is that, the ISP? The vendor? To put it into perspective, the Ministry of Health will encourage the sale of condoms; they won't, however, make your wear them. > > >When you dial-up to an ISP, how less vulnerable are > > you than when you connect to a hot-spot? > > > >Mark. > > I don't think... "I don't think..." shouldn't be part of your strategy. Always assume the worst - you can't be secure by being obscure. > my connection will be hijacked on a > dialup by my dialup neighbors though can be > sniffed. Well, in breaching security, gathering information is the first step a would-be cracker does... either by digging DNS zones, querying RIR WHOIS servers, getting a job as a janitor to clean the server room, sniffing, it's all part of the cracking game. IP is IP, whether on PPP, HDLC, Ethernet or ATM networks, the fact that TCP/IP is the same across the board is a security hole in itself you have to acknowledge. > Besides it will require someone expensive > gadgets to route the whole E1 line to his access > server... E-1's operate at Layer 1, and unless you are into phone tapping, wouldn't make much sense for you to go that route when IP is crossing that circuit. Besides, most E-1's will be carried over fibre, and while tapping is possible, it's hard to do it without turning a few heads. Ethereal now supports packet sniffing on PPP circuits. How hard is it to sniff all the packets that traverse the NAS? > yet with a wireless he just needs a $15 > wireless card to own the whole hotspot. Not that simple (and probably much cheaper). That said, if an attacker takes over a hotspot, that's not your problem, that becomes the ISP's problem, and in deploying a hotspot, they should ensure their infrastructure cannot be compromised. The case you describe would be typical of a man-in-the-middle attack. Packets would be captured by a thug, routed to some box for processing, and then passed on as if they were untouched. As other posters have mentioned, man-in-the-middle attacks are best foiled by using encryption. As Cousin Moby 'The General' Apuli would say, "When it comes to being in public, always plan for the worst." Mark. > Ronny
pgphjFmXsRDYo.pgp
Description: PGP signature
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
