On 6 Jun 2006, at 09:40, Stuart Henderson wrote:

>> You'd be sniffing encrypted traffic at that point, right?
>
> Not if you poison ARP, since the traffic will be directed
> to your MAC address and the AP will send it encrypted with
> your key. It's just an ethernet-type network, remember.
> (You can do the same thing with bridged VPNs, too).

Isn't there a pre-shared key used as an IV of some sort in WEP (and
therefore WPA)?  Yes, the traffic will be coming to you, but it's on
a wireless network, so you can sniff it passively if you want, you
don't need an IP address for that.

Is there no way to defend against ARP poisoning?  If not, then this is a
good argument for encrypting the data at higher layers, rather than
relying on link layer security.

> If you've been keeping an eye on what Reyk's been doing
> you might have noticed his description of scalable networks
> (http://www.openbsd.org/papers/bsdcan06-wlan/slide_12.html)
> with each client in its own /30 - this is not only useful
> for dynamic routing, it also ensures no free IP address
> for the ARP tricks involved.

Is there video/audio of that presentation?  I would be interested to  
hear the whole thing.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
