Bringing in the Sheep: the FireSheep firestorm

Devlin Daley devlin at instructure.com
Thu Nov 4 14:41:30 MDT 2010


On Thu, Nov 4, 2010 at 2:36 PM, Charles Curley <
charlescurley at charlescurley.com> wrote:
>
> The reason I specify "hub" is that one difference between a hub and a
> switch is that a hub simply propagates data that comes in on one port
> to all other ports. A switch only propagates an incoming packet to the
> next port on that packet's journey, e.g. the firewall. Since the swithc
> operates at the Ethernet level, it should hide Internet traffic from
> the other machines on the LAN.


For a switched network you'd have to combine it with something like ARP
poisoning or DNS hijacking.

WPA doesn't broadcast and is "immune" to this attack, but the recently
discovered vulnerabilities on WPA would allow a connected client to
potentially sniff other clients' traffic making this specific attack
possible.

—Devlin


More information about the PLUG mailing list