Another computer using my IP on GoGo?
 

If a plane offers GoGo, it's a given I'll be online the moment we clear 10,000 feet--typically, a couple of flights per week.

On Thursday (MSP>OKC), I logged into GoGo using my MacBook Pro. Was humming along just fine...posting messages on Facebook (https login), confirming flight info on a couple of travel websites, launched Thunderbird to process work-related emails...the usual.

While in Thunderbird, outbound messages suddenly slowed waaaaaay down, each one hanging for 30-45 seconds before actually "departing." Then, the shocker--an error message popped up saying Thunderbird could no longer send emails because another computer in the network shared my IP address.

:confused:

Needless to say, I immediately shut everything down, worried that someone on the flight had hacked their way into my laptop.

Looking back, I doubt whether or not that's possible, but am just paranoid enough now to question what the heck happened. Anyone here (with a depth of Apple knowledge) have some insight to share? This one's got me stumped.

Thanks in advance.

Sounds like someone else on the plane cloned your mac address and IP to gain access to Go-Go, here is a link to an article on how to do it:
http://directory.mylovemyworld.co.cc...your-data.html

Can you think of any good countermeasures? Presuming the thief is stealing the go-go connection is there at least a good way to grind the SOB to a halt by constantly logging in. I'm sure that the airline staff would be powerless when this happens.

Okay, that scares the hell out of me. Does that mean they can, after the fact, use my IP to access sites, email, etc.?

As an Apple user, I thought we were more well protected than PCs for this kind of breach. Do you have first hand experience/knowledge about if/how this is possible on Apple products?

That's because Apple wants you to think that. @:-)

This problem isn't about your software, it's about the ability to clone your mac address, which all computers have.

Like the other poster said below this isn't a Mac vs PC thing it is about how Go-Go validates it users, and also about how certain so called secure websites Validate there users, and sessions. The one big thing you can do to increase security for yourself is to start using a VPN(Virtual Private Network(I use Strongvn.com)) this should prevent someone from pretending to be you to websites, and getting into your E-mail or bank account or god forbid your Flerytalk account, though i don't think this will stop them from fooling Go-Go. Hopefully someone else with more technical expertise can chime in with some more recommendations.

What time was this on Thursday? We had a minor outage that day, which would probably explain this, and means we most likely reset the router on your plane.

Having a duplicate IP doesn't mean someone can steal your data -- services are authenticated with way more than just an IP, in fact, no sites I know of authenticate with just an IP.

It is always wise to pay attention to security, but in this case you don't have anything to worry about.

That article is a bit too confusing for me. Would you clarify something? If I go to Starbucks, can some people see every computer logged on to the WiFi there? If so, how do they do it? Also, why do they do it and am I at risk?

Yes they can see every computer logged in it's IP and MAC address, also there are ways to collect all the data you send between your computer and the internet below is a link to another article explaining it a little better, by the way this is why I use a VPN.

http://hackingsecretsexposed.blogspo...passwords.html

^ this sounds like the most likely explanation - rather than a security issue. On most routers the list of addresses that have been allocated to each computer is lost when it restarts. So computer A could be given an address, told it's valid for x hours, and then the router is restarted. The router will quite happily give out that same address again at that point to another computer, resulting in an issue like this.

Glad to see a GoGo voice here on the boards--thank you!

This happened on the first segment of a trip to Oklahoma City (DL2330 MSP>MEM), Thursday 6.9.11. Can't tell you the exact clock time the duplicate IP error appeared, but it was pretty early into my GoGo session. After shutting down the computer, I never logged back in (so much for the $9).

That's what I'd always thought, but if someone has the skill set to piggyback off my IP, there's no telling what else they knew how to do. Definitely rattled my cage.

So what, exactly, can someone do with another user's IP in a scenario like mine?

Great suggestion, geeprice. Thank you--will head that direction next. ^

When you connect to any hotspot you are on a public network and should be using a software firewall for protection. If you are using Windows 7 or Vista it will prompt you to select the type of network when you first connect. Selecting Public will block all incoming traffic except for what you requested.

The firewall helps protect your computer but once information is sent anyone that is using the the hotspot can use a man in the middle attack to see what you are doing. So if you are browsing none secured web pages they would be able to view it but, anything secured such as HTTPS web sites, VPN, Remote Desktop, Citrix, would all be protected by end to end encryption. The man in the middle can see the encrypted packets of data but they are useless without a means to decrypt them.

One thing to watch is some sites have encrypted login pages but the rest of the site isn't encrypted. This will protect your login credentials but what ever you view anyone else can view. Also depending how the site is setup it would be possible for the man in the middle to inject information such as sending an email. Take yahoo mail for instance, the logon page is encrypted but once logged in, information is sent none encrypted or "in the clear" meaning anyone can see it. This is not really a problem since email should never contain sensitive information since standard email communication is not encrypted.

Safest options are Citrix, remote desktop, VPNs but all of them can be laggy over the airlines Internet do to the high latency.

That is exactly within the window of the outage - Your $9 is not wasted, I'll PM you a code for a free session on your next flight.

There really isn't much of anything someone can do when they hijack your IP. Web site authentication involves so much more secure stuff than just an IP. If it were that easy, we'd never be able to do online banking!

Just saw the PM in my box--thank you! Didn't expect that, but definitely appreciate it.

Just set up an account and all three of my devices (latop, iPhone, iPad). Thanks for the heads up; looks like something I'll get quite a bit of use from as I travel almost weekly for work.

Yet again, FlyerTalk saves the day.... ;)