Wireless Access Points and ARP Poisoning

From: aleph1@securityfocus.com
Date: 10/19/01


Date: Fri, 19 Oct 2001 11:48:43 -0600
From: aleph1@securityfocus.com
To: secpapers@securityfocus.com
Subject: Wireless Access Points and ARP Poisoning
Message-ID: <20011019114843.B16608@securityfocus.com>

Wireless Access Points and ARP Poisoning:
Wireless vulnerabilities that expose the wired network
Bob Fleck <rfleck@cigital.com>, Jordan Dimov <jdimov@cigital.com>

Address resolution protocol (ARP) cache poisoning is a MAC layer attack that
can only be carried out when an attacker is connected to the same local
network as the target machines, limiting its effectiveness only to networks
connected with switches, hubs, and bridges; not routers. Most 802.11b access
points act as transparent MAC layer bridges, which allow ARP packets to
pass back and forth between the wired and wireless networks. This
implementation choice for access points allows ARP cache poisoning attacks
to be executed against systems that are located behind the access point. In
unsafe deployments, wireless attackers can compromise traffic between
machines on the wired network behind the wireless network, and also
compromise traffic between other wireless machines, including roaming clients
in other cells. Of particular note is the vulnerability of home combination
devices that offer a wireless access point, a switch, and a DSL/cable modem
router in one package. These popular consumer devices allow a wireless
attacker to compromise traffic between computers connected to the built-in
switch.

http://www.cigitallabs.com/resources/papers/download/arppoison.pdf

-- 
Elias Levy
SecurityFocus
http://www.securityfocus.com/
Si vis pacem, para bellum
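
An added example, not part of the original message or the Cigital paper: because a bridging access point passes ARP onto the wired segment, a monitor on that segment can flag an ARP frame whose sender IP-to-MAC binding contradicts a trusted inventory entry or a first-seen binding. The addresses, the WIRED_HOSTS inventory, the sample frames and all function names are constructed for illustration.

```python
import struct

# Constructed inventory (assumption): trusted IP -> MAC bindings of wired hosts.
WIRED_HOSTS = {"10.0.0.1": "00:11:22:33:44:01", "10.0.0.20": "00:11:22:33:44:20"}

def _mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # too short or EtherType not ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):  # only Ethernet + IPv4 ARP
        return None
    return op, _mac(frame[22:28]), ".".join(map(str, frame[28:32]))

def find_conflicts(frames, trusted=WIRED_HOSTS):
    """Flag ARP frames whose sender binding contradicts a trusted or first-seen one."""
    table, alerts = dict(trusted), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, sender_mac, sender_ip = parsed
        expected = table.setdefault(sender_ip, sender_mac)  # learn new hosts on first sight
        if expected != sender_mac:                          # keep the old binding, raise an alert
            alerts.append((n, sender_ip, expected, sender_mac))
    return alerts

def _frame(op, sha, spa, tha, tpa):
    """Build a constructed 42-byte ARP frame for the sample below."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(map(int, s.split(".")))
    return (m(tha) + m(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed sample, as seen by a monitor on the wired side of a bridging access point.
SAMPLE = [
    _frame(2, "00:11:22:33:44:01", "10.0.0.1", "00:11:22:33:44:20", "10.0.0.20"),  # normal reply
    _frame(1, "02:aa:bb:cc:dd:50", "10.0.0.50", "ff:ff:ff:ff:ff:ff", "10.0.0.1"),  # wireless client
    _frame(2, "02:aa:bb:cc:dd:50", "10.0.0.1", "00:11:22:33:44:20", "10.0.0.20"),  # conflicting claim
]

if __name__ == "__main__":
    for n, ip, expected, claimed in find_conflicts(SAMPLE):
        print(f"frame {n}: {ip} is bound to {expected} but was claimed by {claimed}")
```

The monitor keeps the original binding when a conflict appears, so one forged reply cannot overwrite the trusted entry and silence later alerts.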



