Return-Path: <sentto-279987-3162-1003550294-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Fri, 19 Oct 2001 21:03:09 -0700 (PDT) Received: (qmail 32331 invoked by uid 510); 20 Oct 2001 04:01:03 -0000 Received: from n10.groups.yahoo.com (216.115.96.60) by 204.181.12.215 with SMTP; 20 Oct 2001 04:01:03 -0000 X-eGroups-Return: sentto-279987-3162-1003550294-fc=all.net@returns.onelist.com Received: from [10.1.1.221] by n10.groups.yahoo.com with NNFMP; 20 Oct 2001 03:58:14 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_0_1); 20 Oct 2001 03:58:13 -0000 Received: (qmail 62677 invoked from network); 20 Oct 2001 03:58:13 -0000 Received: from unknown (10.1.10.26) by 10.1.1.221 with QMQP; 20 Oct 2001 03:58:13 -0000 Received: from unknown (HELO red.all.net) (65.0.156.78) by mta1 with SMTP; 20 Oct 2001 03:58:12 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id f9K3wHF05625 for iwar@onelist.com; Fri, 19 Oct 2001 20:58:17 -0700 Message-Id: <200110200358.f9K3wHF05625@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Fri, 19 Oct 2001 20:58:17 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] [fc:Wireless.vulnerabilities.that.expose.the.wired.network] Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Wireless Access Points and ARP Poisoning: Wireless vulnerabilities that expose the wired network Bob Fleck <<a href="mailto:rfleck@cigital.com?Subject=Re:%20Wireless%20Access%20Points%20and%20ARP%20Poisoning%2526In-Reply-To=%2526lt;20011019114843.B16608@securityfocus.com">rfleck@cigital.com</a>, Jordan Dimov <<a href="mailto:jdimov@cigital.com? Subject=Re:%20Wireless%20Access%20Points%20and%20ARP%20Poisoning%2526In-Reply-To=%2526lt;20011019114843.B16608@securityfocus.com">jdimov@cigital.com</a> Address resolution protocol (ARP) cache poisoning is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines, limiting its effectiveness only to networks connected with switches, hubs, and bridges; not routers. Most 802.11b access points acts as transparent MAC layer bridges, which allow ARP packets to pass back and forth between the wired and wireless networks. This implementation choice for access points allows ARP cache poisoning attacks to be executed against systems that are located behind the access point. In unsafe deployments, wireless attackers can compromise traffic between machines on the wired network behind the wireless network, and also compromise traffic between other wireless machine including roaming clients in other cells. Of particular note is the vulnerability of home combination devices that offer a wireless access point, a switch, and a DSL/cable modem router in one package. These popular consumer devices allow a wireless attacker to compromise traffic between computes connected to the built-in switch. <a href="http://www.cigitallabs.com/resources/papers/download/arppoison.pdf">http://www.cigitallabs.com/resources/papers/download/arppoison.pdf> ------------------------ Yahoo! Groups Sponsor ---------------------~--> Pinpoint the right security solution for your company- Learn how to add 128- bit encryption and to authenticate your web site with VeriSign's FREE guide! http://us.click.yahoo.com/yQix2C/33_CAA/yigFAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST