Re: Poisontap security issue of NetworkManager?

From: Lubomir Rintel <lrintel redhat com>
To: Claudius Heine <ch denx de>, networkmanager-list gnome org
Subject: Re: Poisontap security issue of NetworkManager?
Date: Mon, 21 Nov 2016 13:07:58 +0100

Hello Claudius,

On Thu, 2016-11-17 at 12:10 +0100, Claudius Heine wrote:

Hi!

While reading about the poisontap hack by Samy Kamkar
(https://samy.pl/poisontap/), I thought about ideas to prevent that.


Too much drama there. Hijacking the internet connection of a box you
have physical access to is hardly a security issue.

I think the main issue is, that the network device is automatically
setup via dhcp by tools like NetworkManager & co.


That is a feature. You generally want network connectivity when you
plugin a network adapter with a cable in it.

So my question is: Is that more of a system configuration issue or
can
NetworkManager itself do something to prevent this scenario (e.g. not
starting dhcpcd on new interfaces generally or only while system is
locked)?


Yes, the feature can be turned off. Check out no-auto-default=* in
NetworkManager.conf(5) manual. In Fedora it's sufficient to install
NetworkManager-config-server package.

However, if you don't trust your USB ports, you may want to set the
sysfs attribute "authorized" to false by default on USB devices.
Perhaps with a udev rule or something.


Thanks and have a nice day,
Claudius


Have a nice day too!
Lubo

Follow-Ups:
- Re: Poisontap security issue of NetworkManager?
  - From: Claudius Heine
- Re: Poisontap security issue of NetworkManager?
  - From: D.S. Ljungmark

References:
- Poisontap security issue of NetworkManager?
  - From: Claudius Heine

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]