cbs228
Geeks Of The World, Unite
join:2000-09-04
Saint Louis, MO
| reply to swhx7
Re: Hmmm
There are several ways an attacker could go about doing this, and the most common one is ARP spoofing. The Address Resolution Protocol (ARP) is the method that machines use to determine the exact layer 2 (ethernet/wifi) address to route IP traffic to. When Alice goes to send a packet to the internet, here is what happens:
•Alice's computer has an IP address of 192.168.0.2 and an ethernet address of 00:00:00:00:00:00. She's planning on sending a packet to 1.1.1.1, and because that address isn't on her local network she must send it to her router. She knows (from DHCP) that her router has an IP address of 192.168.0.1, but she doesn't know what ethernet address to send it to.
•Alice broadcasts a message to the entire LAN asking, "who has 192.168.0.1?" This is called an ARP request.
•The router responds with the reply, "I am 99:99:99:99:99:99, and I have 192.168.0.1." This is an ARP reply.
•Alice then addresses her packet to send to IP address 1.1.1.1 and ethernet address 99:99:99:99:99:99, and the router forwards it on to its destination.
The kicker is that ARP replies can be faked—if Bob can say that he has 192.168.0.1 before the router does, Alice's computer will think that Bob is the router. Most machines will even accept ARP replies at any time, even when they already have an ethernet address on file. (This is a feature, not a bug.) Since wifi and ethernet share the same physical addresses—again, this is also by design—this attack can be used on ethernet LANs from a wireless access point.
This is only one of several attacks against ethernet LANs, and the bottom line is this: Don't let machines on your LAN that you don't trust. Unless you can set up something like a Virtual LAN, don't even think about running an unsecured AP.
--
"If you stare too long into the abyss the abyss stares back at you." -Nietzsche
GENERAL FAILURE READING ©: DRIVE
(A)bort, (R)etry, (F)rivolous Lawsuits, (B)ribe Congress? |
