Does Anyone Have A Take On Fireshepard?

[NegativeSpace]

The way this software works makes it seem more like a half cocked defensive measure instead of an active preemptive security rule. If you haven't heard, it "defends" against attacks from FireSheep by sending large amounts of garbage packets in attempt to crash FireSheep. Maybe this is the best thing going as of right now, but I can't imagine it being very long until a simple patch is released that fixes the hole. Is there any reason to use FireShepard? Is there any reason not to use it?

[Infiltrator]

The only reason I see to use Fire-Sheppard is to jam Fire-sheep filters temporarily.

That is not the optimum solution to prevent fire-sheep attacks, but it will help minimize its attacks.

The author claims that Fire-sheppard is not a 100% solution but can give you a piece of mind in hostile environments.

[digip]

Let me ask you this, have you bothered to do any real world tests to see if the program does what the author claims? How do you even know it does what he says it does?

From looking at the source code, it would seem it floods facebook with fake cookies to a page on facebook that doesn't exist, and in turn if the 1,000's of people decided to download and run this, its like sending a DoS to facebook. I see no point in pointing it at your own router either.

Another thing to think about is compiling it yourself, because even if the author included the source code, that doesn't mean the executable provided with it is legitimate. Could be an SE Ruse to get people to run his program to target devices of his choice or even infect systems. Not trying to Bash the author, but also don't trust 3rd party programs from people I never even heard of.

If anything, this might get people who's real accounts with facebook get shutdown if they can see that you(by way of the real facebook cookies tied to an account) are the one sending these over and over again. They might just block your IP for continual flooding their network with 404's

The better protection would be to 1, don't use unsecured wifi of any kind and if possible, use a secure tunnel or vpn when on someone else's wireless, or 2, don't use social networks from locations other than your own home on a wired network. Wireless is inherently vulnerable to attack any way.

Edit:

I've tested this program in a VM just to see what it does, and it does send lots of get requests to facebook along with the fake cookie, but the traffic is constant. My guess is that leaving this running constantly would be a bad thing, not to mention flooding your own bandwidth with unneeded crap.

It also causes a json error in firesheep, but click the x and then restart firesheep's capture (while the fireshepard program is still running), and you can still sidejack with firesheep.

It will also cause invalid logins to facebook if you leave it running after closing the browser and trying to log back in.

Edited November 7, 2010 by digip

[Infiltrator]

No I have not done a real world test, but have done researches on it and also from reading other users comments that have done the same test as you did, they all suggested the same results as you.

[NegativeSpace]

Let me ask you this, have you bothered to do any real world tests to see if the program does what the author claims? How do you even know it does what he says it does?

From looking at the source code, it would seem it floods facebook with fake cookies to a page on facebook that doesn't exist, and in turn if the 1,000's of people decided to download and run this, its like sending a DoS to facebook. I see no point in pointing it at your own router either.

Another thing to think about is compiling it yourself, because even if the author included the source code, that doesn't mean the executable provided with it is legitimate. Could be an SE Ruse to get people to run his program to target devices of his choice or even infect systems. Not trying to Bash the author, but also don't trust 3rd party programs from people I never even heard of.

If anything, this might get people who's real accounts with facebook get shutdown if they can see that you(by way of the real facebook cookies tied to an account) are the one sending these over and over again. They might just block your IP for continual flooding their network with 404's

The better protection would be to 1, don't use unsecured wifi of any kind and if possible, use a secure tunnel or vpn when on someone else's wireless, or 2, don't use social networks from locations other than your own home on a wired network. Wireless is inherently vulnerable to attack any way.

Edit:

I've tested this program in a VM just to see what it does, and it does send lots of get requests to facebook along with the fake cookie, but the traffic is constant. My guess is that leaving this running constantly would be a bad thing, not to mention flooding your own bandwidth with unneeded crap.

It also causes a json error in firesheep, but click the x and then restart firesheep's capture (while the fireshepard program is still running), and you can still sidejack with firesheep.

It will also cause invalid logins to facebook if you leave it running after closing the browser and trying to log back in.

No, I haven't done any tests as I have very little interest in actually using Fireshepard and so I don't have any idea of it's functionality. If I were to consider using it, it would be only for environments outside of my home network. I hope someone comes up with a better solution to this kind of attack soon, for all the poor negligent/oblivious people out there.

[digip]

No, I haven't done any tests as I have very little interest in actually using Fireshepard and so I don't have any idea of it's functionality. If I were to consider using it, it would be only for environments outside of my home network. I hope someone comes up with a better solution to this kind of attack soon, for all the poor negligent/oblivious people out there.

There has always been a fix. When at a wifi hotspot, use a Secure Tunnel or VPN to encrypt all your traffic so spying eyes can't see. Never rely on http OR https. Even though https is fine for at home, someone at the wireless hotspot you use or wherever you are on a shared network for that matter, could use ssl strip or even rogue cloned sites that they redirect you to. Personally, I don't trust wireless and have it disabled on my own buffalo router.