Frackin script kiddies!!

Bill Bogstad bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org
Fri Aug 6 13:19:59 EDT 2010


On Fri, Aug 6, 2010 at 10:39 AM, Richard Pieri <richard.pieri-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> On Aug 5, 2010, at 8:25 PM, Bill Bogstad wrote:
>>
>> That still sounds like it is running on one of the end points
>> (client).  In order to do that the end point has to have already been
>> compromised.   That's very different from manipulating the
>> communications path between two secure end points.
>
> If you see the computer that the game client runs on as an end-point then yes, you are correct.   If, however, you look at the game client as an end-point then it is an MitM attack.

I had a long discussion with someone off line and I can see how MitM
can even be defined as occurring entirely within the confines of a
single computer.  OTOH,  such attacks require compromising the local
machine.  We know that Windows clients are frequently compromised.  As
with most operating systems, if the local machine is compromised all
things are possible.  Basically if you can't trust your local machine,
you can't trust anything.  So in the context of this conversation
(network communications security), I don't see how the frequency of
these WoW hacks are relevant.  So we end up back with one instance in
20 years in the Boston metro area.

Still previous frequency doesn't mean someone might not start trying
to do something.   I've always wondered about using ARP spoofing for
the IP address of the local router in order to examine
all traffic:

http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=12868&mode=thread&order=0&thold=0

Unfortunately for attackers, the wide use of NAT based home routers
make this much less interesting.    Compromising a Windows computer in
your home and doing ARP spoofing from it is only going to let me see
the Internet traffic for the rest of the machines in your household.
Your neighbors security will be unaffected.  I suppose if you keep a
Windows machine around for gaming  this is a way to do a MitM attack
against more secure (Linux) machines.   Given the rarity of such
situations and the massive amounts of low hanging fruit elsewhere,
unless someone is really trying to target you specifically I don't see
anyone bothering to try to do this anytime soon.

Trying to compromise the home router is more interesting and there
have been a number of occasions when people have figured out how to
jailbreak the router's GUI interface and get to the
underlying Linux system.  This plus default router passwords should be
of concern.  I vaguely remember reading about this kind of thing, but
don't recall if it was theoretical or if people were actually seeing
it used in the wild.

Bill Bogstad






More information about the Discuss mailing list