billyblaxsta

  1. AIUI in theory two duplicate MAC addresses on the same network will cause problems. Imagine, for example, that for a pay wireless service, a user spoofs his MAC address to appear the same as that of a paying user to get free service (with the client MAC information obtained from airodump-ng). What might happen in reality (rather than in theory) considering there are now two IPs that share one MAC? Thanks.
  2. Here is an interesting article from 2005: http://www.wired.com/politics/security/news/2005/07/68370 "It can also let someone read the e-mail of guests who use web mail through the TV, putting business travelers at risk of corporate espionage. And it can allow an intruder to add or delete charges on a hotel guest's bill or watch pornographic films and other premium content on their hotel TV without paying for it." Does anyone still read e-mail through the TV (in hotels)? Does this facility even exist?
  3. Hi, I have a couple of questions about Firesheep. AIUI, it works when - although the logon is HTTPS - the cookie sent by the server immediately after the logon is finished is sent through HTTP. Therefore, Firesheep is defeated by constant HTTPS (as can happen in Gmail and Facebook for example). What I do not understand having read (http://codebutler.com/firesheep) is whether the Firesheep user is operating as a MITM in order to obtain the session cookie. In the episode (http://hak5.org/episodes/episode-906) it looks as if Shannon is using Cain to ARPspoof Darren before using Firesheep. However, there is no mention of ARPspoofing on the coder's site and instead he says "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy." Is this really the situation? Why would a cookie be sent to anyone on the wireless network rather than to the actual client who has just logged in? And, therefore, how exactly does Firesheep obtain the session cookie? Thanks.
  4. OK. Thanks. So for point A) you are saying the ARP cache is both spoofed and non-spoofed machines? Because obviously the gateway is not being spoofed but is included in the table. I am not quite sure what you mean in point C. I don't think there is any filtering going on. It's just that some machines in that list are wireless clients while others have very similar MAC addresses to the MAC of the AP to which I was connected. Maybe they are other APs? Would that be a viable interpretation?
  5. It was done on my friend's office network with his permission. So it's not hypothetical in one sense but it's hypothetical inasmuch as it's not an actual attack. I would still like to know the answers.
  6. Is there a rough number of computers one can arpspoof by broadcasting your MAC as the router before the whole network collapses? I realise this depends on the attacker's computer so let's just say an average laptop - nothing special. Any personal experiences of arpspoofing multiple computers would be appreciated.
  7. Hello, Let's assume that someone was arpspoofing a network and ran (using Ubuntu) arp -a. The network is a large open wireless and many clients have joined it. An edited version of the results is:

     ? (192.168.5.206) at 76:ca:34:bb:13:52 [ether] on wlan0
     ? (192.168.2.122) at 22:7d:8f:26:c6:9f [ether] on wlan0
     ? (192.168.3.239) at <incomplete> on wlan0
     ? (192.168.2.242) at 00:1f:24:51:d6:c4 [ether] on wlan0
     nameofcompany.com (192.168.4.1) at 00:12:11:44:13:f1 [ether] on wlan0 #this is the gateway
     ? (192.168.4.29) at 00:14:0d:22:18:ec [ether] on wlan0
     ? (192.168.4.25) at 00:14:0d:22:18:01 [ether] on wlan0
     ? (192.168.4.39) at 00:14:0d:22:18:c7 [ether] on wlan0

     Three questions. a) I assume these are the IPs and MAC addresses of the people going through the arpspoofer (as he is the MITM)? Correct? b) What does <incomplete> signify - why is there no MAC? c) You will notice that 192.168.4.29, 192.168.4.25, and 192.168.4.39 have very similar MAC addresses and all begin 192.168.4.x. The AP the hypothetical arpspoofer was connected to was 00:14:0d:22:18:05. Obviously these three IPs are on the same subnet as the gateway device (192.168.4.1). I assume these are clients that are quite possibly permanently connected. Could they be wired machines? Thanks.
  8. If someone was arpspoofing a network and someone else came along and also started arpspoofing the very same network would both parties be competing for the traffic or would something else weird happen?
  9. Thanks - that worked great. I just had to add an '{' before the $xxx. I'm just wondering how to add to the hello.txt file each time a new xxx and yyy variable is entered in the text boxes. At the moment hello.txt overwrites the previous entry with the newer ones.
  10. I am on the sixth floor and I note that clients looking for networks (which are not in my building) sometimes connect to the Fon. Presumably - the reason I am the strongest signal - is because the AP they are looking for is not in the vicinity hence I am the strongest.
  11. This is something I have been confused about for some time. Take a major company. Its employees have john_smith@company.com (for example). But what I don't really understand is where the employees login to access their e-mails. How would a person who doesn't work for the company find out? I know you can try exchange, mail, webmail (etc) .company.com but if they do not work then what? Of course, the company may use a third party service. I am just wondering how you would find out where people login to for example the BBC, or NBC, or CNN, or any major company?
  12. There are lots of public hotspots which charge a fee. One UK example is BT Openzone (http://www.btopenzone.com/). They must cover most of the country. What I would be interested to know is how can these hotspots prevent ARPspoofing? They must surely be an attractive target especially at places like airports and train stations. Or do the owners of such commercial companies not care? Perhaps nothing can be done?
  13. Thank you - that was a most illuminating response.
  14. My knowledge of PHP is basically nonexistent (yes I am embarrassed about this) which is why this script does not work. I want to take two variables (variable1 and variable2) submitted by a client and then have the file (hello.txt) saved on the host. But nothing saves. If I add some HTML redirect script then it will redirect to that page - but, as mentioned, nothing saves onto the host.

      <?php
      $xxx = ($_POST['variable1']);
      $yyy = ($_POST['variable2']);
      $stuff = $xxx . " -- " . $yyy;
      $filed = @fopen("hello.txt", "a+");
      @fwrite($filed, "$stuff");
      @fclose($filed);
      }
      ?>
      [some HTML redirect code here]

  15. I need to be more clear. I didn't mean an internet cafe just a regular cafe or restaurant where you can pay with a credit or debit card via a terminal. I'm just wondering what else a WPA2 could be for if not the point of sale terminal.