Brian Dickson <brian.peter.dick...@gmail.com> wrote:
    > Any host/interface that uses ARP (not sure whether any flavor of WiFi
    > does, or if so which flavors), exposes the L3/L2 mapping.

Yes, WIFI does use ARP. On all flavours.

Encrypted WIFI, which is mostly the default now, encrypts everything above
the L2, so the L3 part of the mapping is not seen by passive EM observers.

ARP broadcasts as you mention, so other stations on the network could see the
mapping, and the AP by default helpfully re-encrypts broadcasts to every
station.  But, that's not a passive observer: the observer is on the network.
Many APs filter ARP broadcasts as being useless chatter.

    > So, wired
    > IPv4 for certain (except in very locked-down enterprise settings with
    > static MAC addresses, perhaps) leaks this information to every host on
    > the same broadcast domain (same subnet and possibly additional subnets
    > on the same LAN/VLAN).

Yes, but that's not wifi.  Phones do not have wired connections.

    > ARP L2 broadcasts solicit information about IP addresses, and at a
    > minimum each such query exposes its own MAC and IP address. Responses
    > may be unicast or broadcast, not sure which.  An active compromised
    > host can easily solicit that information by iterating over all the IP
    > addresses on the subnet and performing an ARP for each one.

It will be good if we can get a document from the MAC randomization
proponents (if there is such a group), to explain the threat profile.
I don't think it includes active compromised hosts.

Such hosts can also ARP/ND spoof, and can even do that for the router (".1"),
capturing all the traffic on the network.

--
Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet
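
Added example, not part of the original message: a passive check that a station or monitoring port on the network could run over captured ARP frames. It shows the sender MAC/IP pair each frame exposes and flags any IP (such as the router's) claimed by more than one MAC. The frames, MAC addresses and 192.0.2.0/24 addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sha, spa, tha, tpa

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Parse an untagged Ethernet frame; return ARP fields or None if not IPv4 ARP."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"broadcast": dst == b"\xff" * 6, "op": op,
            "sender_mac": mac(sha), "sender_ip": ip(spa), "target_ip": ip(tpa)}

def find_conflicts(frames):
    """Return {ip: [macs]} for every sender IP claimed by more than one MAC."""
    claims = defaultdict(set)
    for frame in frames:
        arp = parse_arp(frame)
        if arp and arp["sender_ip"] != "0.0.0.0":   # ARP probes carry no claim
            claims[arp["sender_ip"]].add(arp["sender_mac"])
    return {addr: sorted(macs) for addr, macs in claims.items() if len(macs) > 1}

def build(dst, src, op, spa, tha, tpa):
    """Construct a sample frame (sender hardware address = Ethernet source)."""
    return struct.pack("!6s6sH", dst, src, 0x0806) + struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, op, src, bytes(spa), tha, bytes(tpa))

# Constructed sample traffic, not a real capture.
HOST, ROUTER, OTHER = (bytes.fromhex("0200000000" + x) for x in ("0a", "01", "66"))
BCAST, ZERO = b"\xff" * 6, b"\x00" * 6
SAMPLE = [
    build(BCAST, HOST, 1, [192, 0, 2, 10], ZERO, [192, 0, 2, 1]),    # who-has .1
    build(HOST, ROUTER, 2, [192, 0, 2, 1], HOST, [192, 0, 2, 10]),   # router's reply
    build(HOST, OTHER, 2, [192, 0, 2, 1], HOST, [192, 0, 2, 10]),    # second claim on .1
]

if __name__ == "__main__":
    print(parse_arp(SAMPLE[0]))
    print(find_conflicts(SAMPLE))
```

A second MAC for an address can also be legitimate (replaced hardware, failover), so a conflict is a prompt to investigate rather than proof of spoofing.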
