Comments
dino
wrote on the 9 Sep 08 at 15:56

This should notify the user but shouldn't require the user to interact with it. Under Windows I hate this "feature" when connecting to an unencrypted network. In most cases the user can't do anything about it (but disconnect), but he should be aware of it.

I am not sure what the implications would be of checking every packet for SYN/ACKs directed at other MAC addresses.
Either way, I would like to see such functionality, even if it were in a separate application rather than integrated by default.
+1

Should also happen for unencrypted or WEP-encrypted WLANs (everyone can read the traffic in the first case; the latter can be easily cracked, in special cases in about 10 seconds, as I remember. Might also be wrong, so don't rely on it :) )

I think this should be done carefully: as stated above, there is not much a user can do, and you may have to be connected to a hub.
These methods won't detect a hub further up the network (after a switch), so we would have to be careful about giving a false sense of security when the message doesn't pop up.
On the other hand, I definitely think that should pop up for networks using WEP or no encryption.
+1

Auzy
wrote on the 10 Sep 08 at 00:00

@Eldmannen, iptables needs to check that stuff anyway (you could just use a rule to log such packets, probably).
@timwintle, I have considered that, however:
1) Admins would need to be retards to put a hub before a switch in a network. It would be a massive bottleneck.
2) Similar to spam filtering software, people know it's simply to help. With spam, for instance, just because a message about viagra makes it through doesn't mean it's definitely not spam. People certainly won't rely on a warning to know if a network is secure or not. But it's a lot better than being on such a network and not realising at all.
3) If MITM detection was added too, then it would be even more valuable.
This idea works well with Plugin support for network manager
In network-manager, the wireless network should be marked with a broken padlock or a crossed out padlock to mean insecure.
I'm against this, as it will give users a false sense of security. An ordinary network can't be safe; a switch will always act as a hub until it has learned all MAC addresses, so after switch reboots you would suddenly get "your network is insecure... oh wait, suddenly not anymore" messages. And you're always susceptible to ARP poisoning unless you use really expensive switches which will prohibit this. So, most users would never see anything besides insecure networks.

Auzy
wrote on the 10 Sep 08 at 12:08

Martin, easily handled: filter out ARP/RARP packets from the algorithm. And how the fark will it give users a false sense of security?
1) Probably only 1% will know it even exists.
2) Users aren't going to EVER rely on it.
This idea is good, but ONLY if there is a way to make it not tell you, a "never show this again" tick box or similar. Otherwise it would be very annoying.

Auzy
wrote on the 13 Sep 08 at 00:01

I assumed there would be automatically prosthetic head ;)
(I know that some users here hate popups). However, most users will NEVER see this popup anyway.
No, Auzy, what I mean is: practically all networks have to be considered insecure, because the usual Ethernet was never designed with security in mind. Without using IPsec or a VPN, you can't be secure. My 2 points explained in detail:
a) Three computers are connected to a switch. They all know each other's MAC addresses via ARP already, so there's no need for ARP requests in the next few minutes. Now the switch is rebooted. Because it doesn't know the MAC addresses of its clients, it has to act as a hub until it has learned the MAC addresses passively by watching ARP traffic, which could take a few minutes. For these few minutes, the applet would tell the user "your network is insecure", out of the blue. The user most probably will panic.
b) Three computers are connected to a switch. The switch has learned all MAC addresses and acts as a switch; the applet would tell the user "your network is secure".
Now the user on computer C would initiate an ARP poisoning attack ( http://en.wikipedia.org/wiki/ARP_poisoning ); he would send computer A an ARP reply saying "I am computer B". Computer A would now learn the MAC address of computer C as the address for computer B, while C would route the appropriate traffic to B.
B won't get a message "your computer is insecure", because B never sees frames intended for A or C, but all the while all its traffic would be routed over C, who is inspecting all the data for passwords. That's what I call "false sense of security".

Auzy
wrote on the 18 Sep 08 at 23:20

That's true Martin; however, some are significantly more secure than others. It's not going to pop up with a message "You are secure". It would only pop up with a message if you are at high risk.
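The two checks the thread argues about, as an added example that is not part of the original discussion or of NetworkManager: Eldmannen's idea of watching for unicast frames addressed to other MAC addresses (the hub indicator), and the ARP-cache change that Martin's poisoning scenario would produce. The MAC and IP addresses, the frames and the threshold of five foreign frames across at least two conversations are all constructed assumptions; a real implementation would feed frames from a promiscuous-mode capture instead. The threshold is there because of Martin's point (a): a switch flooding a few frames while it relearns addresses should not be enough to raise the hub alert on its own.

```python
"""Passive monitor for the two conditions discussed in the thread.

 1. hub-like segment: unicast frames between two *other* stations keep
    arriving at our NIC (sustained, not just a few flooded frames);
 2. ARP poisoning: an ARP reply rebinds an IPv4 address we already know
    to a different MAC address.

All frames below are constructed sample data, not captured traffic.
"""
import socket
import struct
from collections import Counter

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, ethertype
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
# hw type, proto type, hw len, proto len, opcode, sender MAC/IP, target MAC/IP
ARP_PKT = struct.Struct("!HHBBH6s4s6s4s")
ARP_REPLY = 2


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


class SegmentMonitor:
    """Feed raw Ethernet frames as a NIC in promiscuous mode would see them."""

    def __init__(self, own_mac, hub_threshold=5):
        self.own_mac = mac(own_mac)
        self.hub_threshold = hub_threshold   # assumed value, tune per deployment
        self.foreign = Counter()             # (src, dst) of unicast frames not for us
        self.arp_table = {}                  # IPv4 address -> MAC from ARP replies
        self.hub_reported = False
        self.alerts = []

    def feed(self, frame):
        dst, src, ethertype = ETH_HDR.unpack_from(frame)
        payload = frame[ETH_HDR.size:]
        if ethertype == ETHERTYPE_ARP:
            self._check_arp(payload)
            return
        # Frames for us, and broadcast/multicast (I/G bit set in the first
        # octet), are normal on a switched segment and prove nothing.
        if dst == self.own_mac or dst[0] & 1:
            return
        # A unicast frame between two other stations reached our NIC: a hub,
        # or a switch flooding because it has not learned dst yet.
        self.foreign[(src, dst)] += 1
        seen = sum(self.foreign.values())
        # Require sustained traffic across several pairs before alerting, so a
        # handful of flooded frames after a switch reboot does not trigger it.
        if (not self.hub_reported and seen >= self.hub_threshold
                and len(self.foreign) >= 2):
            self.hub_reported = True
            self.alerts.append(("hub", seen))

    def _check_arp(self, payload):
        if len(payload) < ARP_PKT.size:
            return
        _, ptype, _, _, oper, sha, spa, _, _ = ARP_PKT.unpack_from(payload)
        if ptype != ETHERTYPE_IPV4 or oper != ARP_REPLY:
            return
        ip = socket.inet_ntoa(spa)
        old = self.arp_table.get(ip)
        if old is not None and old != sha:
            self.alerts.append(("arp_change", ip, fmt_mac(old), fmt_mac(sha)))
        self.arp_table[ip] = sha


def eth(dst, src, ethertype, payload):
    return ETH_HDR.pack(mac(dst), mac(src), ethertype) + payload


def arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    body = ARP_PKT.pack(1, ETHERTYPE_IPV4, 6, 4, ARP_REPLY,
                        mac(sender_mac), socket.inet_aton(sender_ip),
                        mac(target_mac), socket.inet_aton(target_ip))
    return eth(target_mac, sender_mac, ETHERTYPE_ARP, body)


def ipv4_tcp(src_mac, dst_mac, src_ip, dst_ip, flags):
    """Minimal IPv4+TCP frame (checksums left at zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth(dst_mac, src_mac, ETHERTYPE_IPV4, ip + tcp)


# Constructed addresses: A is us, B and C are neighbours, GW the gateway.
A, B, C, GW = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03", "00:11:22:33:44:fe"


def run_demo():
    mon = SegmentMonitor(own_mac=A)
    # Legitimate ARP replies establish the baseline bindings.
    mon.feed(arp_reply(GW, "10.0.0.254", A, "10.0.0.1"))
    mon.feed(arp_reply(B, "10.0.0.2", A, "10.0.0.1"))
    # Traffic addressed to us is silent.
    mon.feed(ipv4_tcp(GW, A, "10.0.0.254", "10.0.0.1", 0x12))
    # A conversation between B and the gateway keeps showing up on our NIC.
    for _ in range(3):
        mon.feed(ipv4_tcp(B, GW, "10.0.0.2", "10.0.0.254", 0x02))   # SYN
        mon.feed(ipv4_tcp(GW, B, "10.0.0.254", "10.0.0.2", 0x12))   # SYN/ACK
    # C now claims the gateway's IP: ARP poisoning of our own cache.
    mon.feed(arp_reply(C, "10.0.0.254", A, "10.0.0.1"))
    return mon.alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Note the limit Martin points out in case (b): the ARP check only catches a poisoned reply that reaches our own NIC. If C poisons A and B but we are a third host, we see nothing unless the switch floods, so the absence of an alert must not be presented to the user as "secure".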