Re: Poisontap security issue of NetworkManager?

On Thu, 2016-11-17 at 12:10 +0100, Claudius Heine wrote:

While reading about the poisontap hack by Samy Kamkar
(, I thought about ideas to prevent that.

I think the main issue is, that the network device is automatically
setup via dhcp by tools like NetworkManager & co.

So my question is: Is that more of a system configuration issue or
NetworkManager itself do something to prevent this scenario (e.g. not
starting dhcpcd on new interfaces generally or only while system is

Thanks and have a nice day,


alternatively, the malisious guy could just plug-in an ethernet cable
(connected to his raspi).
Chances are good that there is a NetworkManager connection for the
ethernet, with DHCP and autoconnect.

The user can prevent that, by configuring "no-auto-default" and
disabling autoconnect for all his connections.

Well actually... usually DHCP connections go down when carrier is lost.
However, they don't go down immediately but only after a short timeout.
Thus, the attacker could also quickly unplug the cable and re-plug his
MITM device. In this case the connection doesn't even go down... and
autoconnect doesn't come into play.

Unsurprisingly, with phyiscal access to the machine you can perform various forms of MITM.

Connections can be restricted to a user via "connection.permissions".
Such connections can only autoconnect when a session for the user
exists. But that doesn't consider whether the session is active (or

maybe the user should just set flight-mode when the screen is locked...
than the policy is entirely outside of NetworkManager.


Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]