Hey RMS, Great idea, but I think it's already been in the works in the latest version of Dug Song's infamous dsniff. I really hope that he fixes the several remote exploits that exist in this acclaimed pen-testing tool, though.
Here are some recent #monkey logs I've acquired that highlight the features that I'm discussing. *** #monkey Session Start (11/24/02) *** <dr``> Hey Doug. How's it going? I'm working on my HoneyNet project, and I'd like to implement a WiFi security tool. I think it'd be splendid if we could somehow alert these ScriptKiddie BlackHats as to how insecure it is for them to use our HoneyPots send Unsolicited Commercial E-Mail (Better known as spam). <dugsong> Excellent notion! In my homeland of Asia, it is considered good KARMA to help people in times of need. Peradventure I shall add such a feature in my next version of dsniff? <dr``> Superb. Maybe you can give me credit for the idea? I think it'd be delightful if we made it email everyone involved in this BlackHat SPAM attack, including the Sender, the Receiver, and even those to which a Carbon-Copy will be sent! <dugsong> What's this bullshit I hear about ScriptKiddies being able to gain root access to the VMWare Host Machines by exploiting flaws in the x86 architecture? <dr``> Rubbish! I've got Lance Spitzner on my side. I'm sure he's audited the source code very well. What's this I hear about dsniff being remotely exploitable in several places throughout the CodeBase? <dugsong> Hmmm. Alright. I'll keep quiet. *** #monkey Session End (11/24/02) *** On Wed, 18 Dec 2002 21:28:04 -0500 "Richard M. Smith" <[EMAIL PROTECTED]> wrote: > Hi, > > Here is a WiFi security tool that I would like to see developed and > made available free of charge on the Internet. The tool would be a > packet sniffer that listens to unprotected email traffic on a WiFi > network. When it sees an email message being sent in the clear, it > sends out its own message to the "To", "From", and "CC" email > addresses saying that the message could be easily read by the "bad > guys". The message who link to a Web page that describes the security > problems with unprotected WiFi networks and then offers some possible > solutions to the problems. > > This tool would be a great way to educate the public on the dangers of > insecure WiFi hotspots. It would make crystal clear to all > participants of the email conversation how easy it is for > eavesdroppers to listen in. > > From privacy reasons, the tool should not keep a record of any the > TCP/IP traffic that it sniffs. > > I believe that the tool can be put together without too much trouble > using existing public domain software libraries. > > Any takers? > > Thanks, > Richard M. Smith > http://www.ComputerBytesMan.com > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
