Re: Hmmm - dslreports.com

Author	All Replies
cbs228 Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO	reply to swhx7 Re: Hmmm said by swhx7 : Packet sniffing is a risk to other users, and to the AP owner if he uses a laptop, but not to the AP owner if he uses ethernet. This is untrue. Programs like ettercap-ng can easily perform packet sniffing attacks against switched ethernet—even when the attacker is connected via a wireless access point. Managed ethernet switches (like this one) can recognize and block some of these these attacks, but I've never seen consumer grade gear that can do it. The problem can also be solved by placing the AP outside a properly configured firewall, but this is impossible with the all-in-one combination wired/wireless routers that most people use. These kinds of attacks can pose a substantial threat to businesses that offer free wi-fi by just plugging in an AP into their existing wired network. Intruders can use this connection to attack wired devices, such as point-of-sale terminals, with ease. -- "If you stare too long into the abyss the abyss stares back at you." -Nietzsche GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress?
	to forum · permalink · · 2008-01-10 17:35:31 ·
swhx7 Premium join:2006-07-23 Elbonia ·RoadRunner Cable	Would you explain more? Let's say Alice uses a wired desktop; her packets go to and from a switch/router and from there to/from internet. Bob with a laptop connects to an access point, the AP is connected to the same switch. How can Bob capture Alice's packets? Are you assuming a different topology?
swhx7 Premium join:2006-07-23 Elbonia ·RoadRunner Cable	to forum · permalink · · 2008-01-10 22:52:16 ·
cbs228 Geeks Of The World, Unite join:2000-09-04 Saint Louis, MO	There are several ways an attacker could go about doing this, and the most common one is ARP spoofing. The Address Resolution Protocol (ARP) is the method that machines use to determine the exact layer 2 (ethernet/wifi) address to route IP traffic to. When Alice goes to send a packet to the internet, here is what happens: •Alice's computer has an IP address of 192.168.0.2 and an ethernet address of 00:00:00:00:00:00. She's planning on sending a packet to 1.1.1.1, and because that address isn't on her local network she must send it to her router. She knows (from DHCP) that her router has an IP address of 192.168.0.1, but she doesn't know what ethernet address to send it to. •Alice broadcasts a message to the entire LAN asking, "who has 192.168.0.1?" This is called an ARP request. •The router responds with the reply, "I am 99:99:99:99:99:99, and I have 192.168.0.1." This is an ARP reply. •Alice then addresses her packet to send to IP address 1.1.1.1 and ethernet address 99:99:99:99:99:99, and the router forwards it on to its destination. The kicker is that ARP replies can be faked—if Bob can say that he has 192.168.0.1 before the router does, Alice's computer will think that Bob is the router. Most machines will even accept ARP replies at any time, even when they already have an ethernet address on file. (This is a feature, not a bug.) Since wifi and ethernet share the same physical addresses—again, this is also by design—this attack can be used on ethernet LANs from a wireless access point. This is only one of several attacks against ethernet LANs, and the bottom line is this: Don't let machines on your LAN that you don't trust. Unless you can set up something like a Virtual LAN, don't even think about running an unsecured AP. -- "If you stare too long into the abyss the abyss stares back at you." -Nietzsche GENERAL FAILURE READING ©: DRIVE (A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress?
	to forum · permalink · · 2008-01-11 03:26:24 ·


Monday, 01-Dec 22:01:37	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 9 years online! © 1999-2008 dslreports.com. page compression OFF