Hello Claudius, On Thu, 2016-11-17 at 12:10 +0100, Claudius Heine wrote: > Hi! > > While reading about the poisontap hack by Samy Kamkar > (https://samy.pl/poisontap/), I thought about ideas to prevent that.
Too much drama there. Hijacking the internet connection of a box you have physical access to is hardly a security issue. > I think the main issue is, that the network device is automatically > setup via dhcp by tools like NetworkManager & co. That is a feature. You generally want network connectivity when you plugin a network adapter with a cable in it. > So my question is: Is that more of a system configuration issue or > can > NetworkManager itself do something to prevent this scenario (e.g. not > starting dhcpcd on new interfaces generally or only while system is > locked)? Yes, the feature can be turned off. Check out no-auto-default=* in NetworkManager.conf(5) manual. In Fedora it's sufficient to install NetworkManager-config-server package. However, if you don't trust your USB ports, you may want to set the sysfs attribute "authorized" to false by default on USB devices. Perhaps with a udev rule or something. > > Thanks and have a nice day, > Claudius Have a nice day too! Lubo _______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
