[NEWS] Wireless Access Points and ARP Poisoning

From: support@securiteam.com
Date: 10/22/01 

From: support@securiteam.com
To: list@securiteam.com
Subject: [NEWS] Wireless Access Points and ARP Poisoning
Message-Id: <20011022075448.18393138C9@mail.der-keiler.de>
Date: Mon, 22 Oct 2001 09:54:48 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Wireless Access Points and ARP Poisoning
------------------------------------------------------------------------

SUMMARY

Address resolution protocol (ARP) cache poisoning is a MAC layer attack
that can only be carried out when an attacker is connected to the same
local network as the target machines, limiting its effectiveness only to
networks connected with switches, hubs, and bridges; not routers.
Most 802.11b access points acts as transparent MAC layer bridges, which
allow ARP packets to pass back and forth between the wired and wireless
networks. This implementation choice for access points allows ARP cache
poisoning attacks to be executed against systems that are located behind
the access point. In unsafe deployments, wireless attackers can compromise
traffic between machines on the wired network behind the wireless network,
and compromise traffic between other wireless machine including roaming
clients in other cells.
Of particular note is the vulnerability of home combination devices that
offer a wireless access point, a switch, and a DSL/cable modem router in
one package. These popular consumer devices allow a wireless attacker to
compromise traffic between computes connected to the built-in switch.

DETAILS

The full published paper is available at:
 <http://www.cigitallabs.com/resources/papers/download/arppoison.pdf>
http://www.cigitallabs.com/resources/papers/download/arppoison.pdf.

ADDITIONAL INFORMATION

The information has been provided by <mailto:rfleck@cigital.com> Bob
Fleck and <mailto:jdimov@cigital.com> Jordan Dimov.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages