Wireless Access Points and ARP Poisoning: Wireless vulnerabilities that expose the wired network

Bob Fleck <rfleckat_private>, Jordan Dimov <jdimovat_private>

Address resolution protocol (ARP) cache poisoning is a MAC layer attack that can only be carried out when an attacker is connected to the same local network as the target machines, limiting its effectiveness only to networks connected with switches, hubs, and bridges; not routers. Most 802.11b access points act as transparent MAC layer bridges, which allow ARP packets to pass back and forth between the wired and wireless networks. This implementation choice for access points allows ARP cache poisoning attacks to be executed against systems that are located behind the access point. In unsafe deployments, wireless attackers can compromise traffic between machines on the wired network behind the wireless network, and also compromise traffic between other wireless machines including roaming clients in other cells. Of particular note is the vulnerability of home combination devices that offer a wireless access point, a switch, and a DSL/cable modem router in one package. These popular consumer devices allow a wireless attacker to compromise traffic between computers connected to the built-in switch.

http://www.cigitallabs.com/resources/papers/download/arppoison.pdf

--
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
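
A defender-side check for the poisoning described in the abstract, added here as an example and not taken from the post or the paper: it parses captured ARP frames and reports any frame whose sender IP-to-MAC binding contradicts a pinned inventory of wired hosts, which is what a poisoned binding arriving through a bridging access point looks like on the wire. The addresses, the `PINNED` table and the sample frames are constructed for illustration.

```python
import struct

# Constructed inventory of wired hosts (assumption): IP -> expected MAC.
PINNED = {"192.168.1.1": "02:00:00:00:00:01"}

# Constructed sample capture: Ethernet II + ARP, 42 bytes each.
SAMPLE = [bytes.fromhex(h) for h in (
    # gateway answers a wired host: binding matches the inventory
    "020000000010 020000000001 0806 0001 0800 06 04 0002"
    " 020000000001 c0a80101 020000000010 c0a8010a",
    # a different station claims the gateway's IP
    "020000000010 020000000099 0806 0001 0800 06 04 0002"
    " 020000000099 c0a80101 020000000010 c0a8010a",
    # ordinary broadcast request from the wired host
    "ffffffffffff 020000000010 0806 0001 0800 06 04 0001"
    " 020000000010 c0a8010a 000000000000 c0a80101",
)]

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    ip = ".".join(str(b) for b in frame[28:32])
    return op, mac, ip

def audit(frames, pinned):
    """Return (frame_index, ip, expected_mac, claimed_mac) for each conflicting binding."""
    bindings = dict(pinned)          # pinned entries are never overwritten
    alerts = []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":          # ARP probe carries no sender binding
            continue
        expected = bindings.setdefault(ip, mac)   # first sighting is learned
        if expected != mac:
            alerts.append((i, ip, expected, mac))
    return alerts

if __name__ == "__main__":
    for alert in audit(SAMPLE, PINNED):
        print("conflicting ARP binding:", alert)
```

Run on a monitoring port of the wired segment behind the access point, the same comparison flags a wireless station that answers for a wired host's address.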
This archive was generated by hypermail 2b30 : Fri Oct 19 2001 - 12:28:34 PDT