cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| reply to swhx7
Re: Hmmm
There are several ways an attacker could go about doing this, and the most common one is ARP spoofing. The Address Resolution Protocol (ARP) is the method that machines use to determine the exact layer 2 (ethernet/wifi) address to route IP traffic to. When Alice goes to send a packet to the internet, here is what happens:
•Alice's computer has an IP address of 192.168.0.2 and an ethernet address of 00:00:00:00:00:00. She's planning on sending a packet to 1.1.1.1, and because that address isn't on her local network she must send it to her router. She knows (from DHCP) that her router has an IP address of 192.168.0.1, but she doesn't know what ethernet address to send it to.
•Alice broadcasts a message to the entire LAN asking, "who has 192.168.0.1?" This is called an ARP request.
•The router responds with the reply, "I am 99:99:99:99:99:99, and I have 192.168.0.1." This is an ARP reply.
•Alice then addresses her packet to send to IP address 1.1.1.1 and ethernet address 99:99:99:99:99:99, and the router forwards it on to its destination.
The kicker is that ARP replies can be faked—if Bob can say that he has 192.168.0.1 before the router does, Alice's computer will think that Bob is the router. Most machines will even accept ARP replies at any time, even when they already have an ethernet address on file. (This is a feature, not a bug.) Since wifi and ethernet share the same physical addresses—again, this is also by design—this attack can be used on ethernet LANs from a wireless access point.
This is only one of several attacks against ethernet LANs, and the bottom line is this: Don't let machines on your LAN that you don't trust. Unless you can set up something like a Virtual LAN, don't even think about running an unsecured AP.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
| reply to cbs228
Would you explain more?
Let's say Alice uses a wired desktop; her packets go to and from a switch/router and from there to/from internet. Bob with a laptop connects to an access point, the AP is connected to the same switch. How can Bob capture Alice's packets? Are you assuming a different topology? |
|
en102
Canadian, eh?
join:2001-01-26
Valencia, CA
·RoadRunner Cable
 ·DSL EXTREME
| reply to Jeffrey
Maybe he's the one doing the hacking...
a) Letting your average person connect to his WiFi, and gathering all the data off their laptop/pc.
b) Sniffing for passwords, credit card info, etc.
c) Becoming what most ISP's are... a reseller of your point-click data and browsing habits.
--
Canada = Hollywood North |
|
cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| reply to swhx7
said by swhx7  :Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet. This is untrue. Programs like ettercap-ng can easily perform packet sniffing attacks against switched ethernet—even when the attacker is connected via a wireless access point. Managed ethernet switches (like this one) can recognize and block some of these these attacks, but I've never seen consumer grade gear that can do it. The problem can also be solved by placing the AP outside a properly configured firewall, but this is impossible with the all-in-one combination wired/wireless routers that most people use.
These kinds of attacks can pose a substantial threat to businesses that offer free wi-fi by just plugging in an AP into their existing wired network. Intruders can use this connection to attack wired devices, such as point-of-sale terminals, with ease.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
|
Jeffrey
Merry Christmas
Premium
join:2002-12-24
Dix Hills,NY
clubs:
·Optimum Online
 ·Verizon FIOS
 ·Vonage
·magicjack.com
| reply to swhx7
said by swhx7 :Wruckman, the quotation in the blurb has the answer for you: quote:
I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...
This is a world-reknowned security expert saying this. It also applies for anyone who's knowledgable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless. And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy. That's great of him, but probably against the TOS of his ISP. For me, I wouldn't do it because my neighbors are jerks, but that's different story for a different time.
--
And so castles made of sand, slip into the sea, eventually.
I'm the Dude. So that's what you call me. You know, that or, uh, His Dudeness, or uh, Duder, or El Duderino if you're not into the whole brevity thing. |
|
swhx7
Premium
join:2006-07-23
Elbonia
·RoadRunner Cable
| reply to Jeffrey
Wruckman, the quotation in the blurb has the answer for you:
quote:
I'm also unmoved by those who say I'm putting my own data at risk... I configure my computer to be secure regardless of the network it's on...
This is a world-reknowned security expert saying this. It also applies for anyone who's knowledgable and careful enough to be confident of their computer security. Anyone who's not in that category should encrypt their wireless.
And Jeffrey, "What's the point of not securing it" is answered in the article: he wants to offer internet to neighbors and guests as a courtesy.
I agree there can be good reasons against this - abusive users; ISP that charges by amount of traffic (or has caps). Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet.
The illegal-activity risk is the one which I don't think Schenier addresses adequately. He admits "investigation could be time-consuming and expensive... might have your computer equipment seized... you might end up being charged despite your innocence..." His only answers are that it's unlikely and that open wireless would be a good defense. |
|
