[MLB-WIRELESS] DNS and Locfinder

Craig Sanders cas at taz.net.au
Fri Nov 29 23:11:04 EST 2002 

On Fri, Nov 29, 2002 at 10:16:30PM +1100, evilbunny wrote:
> I'm told both OSPF and BGP "passwords" can be sniffed, so not much
> security there...
> 
> AG> Yeah, though I doubt all that many people go around updating routers
> AG> when problems have been disclosed to the public. I slightly recall a 
> AG> report thinger I read when people went looking and managed to compromise 
> AG> several "important" routers.
> 
> I'm talking about wireless networks, I highly doubt people wish to
> constantly update static routing tables, and no have mutlipath
> routing, something a little closer to home...

one immediately obvious solutoin to that is for each routing node to set
up encrypted tunnels to other routing nodes that they want to accept
route updates from - and configure zebra (or whatver) to ignore packets
that come from any other interface.

alternatively, hack decent encryption into zebra for use on insecure
networks (it's been a long time since i looked at zebra, it's possible
that this may already be there. dunno).  this is more work than tunnels
but is probably the Right Thing to do in the long term.

> AG> Well, its a different ball game. Depending on how good the attackers
> AG> are, we may never notice.
> 
> Script kiddies + lot of time on their hands with an unencrypted adhoc,
> haphazard network to toy with... I can see them salivating at the
> thought now...

dunno about that.  small wifi networks wouldn't give anywhere near the
same bragging rights to these losers as even a small site on the 'net.

sure, there'll be some - but i can't see that we're going to have to
worry about hordes of them.  for one thing, it's a little close to home
- you have to be in range of the router you're attacking, which
minimises the number of people who can attack any given router node.

craig

-- 
craig sanders <cas at taz.net.au>

Fabricati Diem, PVNC.
 -- motto of the Ankh-Morpork City Watch

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message

More information about the Melbwireless mailing list