Re: Tricky question...

From: chris@nospam.com
Date: 09/30/02


From: chris@nospam.com
Date: Sun, 29 Sep 2002 20:16:43 -0700

On 29 Sep 2002 12:58:50 -0700, en_hemlig_person@hotmail.com (Gabriel)
wrote:

>The setup is as follows: Three access points (AP1, AP2 and AP3) are
>connected to a switch and to each of the access points one laptop is
>associated (Lap1, Lap2 and Lap3). Each of the three laptops uses a
>different WEP key (WEP1, WEP2 and WEP3) when they associate to their
>access point.
>
>Question: Is it possible for Lap1 (in this case the attacker and
>associated to AP1 using WEP1) to perform a Man-in-the-Middle attack
>using ARP cache poisoning (with e.g. Ettercap) against Lap2 and Lap3
>(i.e. sniffing the communication between Lap2 and Lap3)? Assuming
>that Lap2 is associated to AP2 using WEP2 and Lap3 is associated to
>AP3 using WEP3???
>
>I am thinking that WEP only encrypts the data that travels through the
>air between a laptop and the AP, which would mean that it travels in
>clear text between the AP and the switch?? If this is the case Lap1
>should be successful in carrying out a MITM attack against Lap2 and
>Lap3 since it "intercepts" the data through the switch. Am I right or
>am I wrong?
>
>If I am right this scenario would be possible: AP1 is NOT using WEP,
>which (basically) means that anyone can associate with it, but AP2 and
>AP3 are using WEP. Now Lap1 (the attacker) can perform a MITM attack
>against Lap2 (associated to AP2 using WEP2) and Lap3 (associated to
>Lap3 using WEP3) without any problems whatsoever since it didn't have
>to crack a WEP key…

Sounds very plausible to me. In theory, the AP and the wireless
connection just look like switches to the network.
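
Added example, not part of the original posts: a small detector for the ARP cache poisoning discussed in this thread. It looks only at ARP replies on the wired segment behind the access points and flags a station that takes over the IP-to-MAC bindings of two other hosts. The sample records, addresses and the trust-on-first-use rule are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed ARP replies seen on the wired segment: time, sender MAC, sender IP.
# Addresses are made up; .11/.12/.13 stand for Lap1/Lap2/Lap3 from the thread.
SAMPLE = """\
1.0 02:00:00:00:00:02 192.0.2.12
1.5 02:00:00:00:00:03 192.0.2.13
2.0 02:00:00:00:00:01 192.0.2.11
9.0 02:00:00:00:00:01 192.0.2.13
9.1 02:00:00:00:00:01 192.0.2.12
12.0 02:00:00:00:00:02 192.0.2.12
"""


def parse(text):
    """Yield (time, mac, ip) tuples from whitespace-separated lines."""
    for line in text.splitlines():
        if line.strip():
            ts, mac, ip = line.split()
            yield float(ts), mac.lower(), ip


def detect(records):
    """Return (alerts, suspects) for IP-to-MAC binding changes.

    Assumption: the first MAC seen for an IP is its legitimate owner
    (trust on first use); a real deployment would seed this from DHCP
    leases or a static inventory to avoid false positives.
    """
    owner = {}                    # ip -> MAC first seen answering for it
    displaced = defaultdict(set)  # mac -> IPs it claimed from another owner
    alerts = []
    for ts, mac, ip in records:
        known = owner.setdefault(ip, mac)
        if mac != known:
            alerts.append((ts, ip, known, mac))
            displaced[mac].add(ip)
    # One MAC taking over two or more hosts' addresses is the pattern of a
    # station placing itself between them.
    suspects = sorted(m for m, ips in displaced.items() if len(ips) >= 2)
    return alerts, suspects


if __name__ == "__main__":
    alerts, suspects = detect(parse(SAMPLE))
    for ts, ip, known, mac in alerts:
        print(f"t={ts}: {ip} moved from {known} to {mac}")
    print("suspect stations:", suspects)
```
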


