-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> -----Original Message-----
> From: Dave Falloon [mailto:[EMAIL PROTECTED]]
> Sent: Monday, January 14, 2002 4:32 PM
> Cc: [EMAIL PROTECTED]
> Subject: Arp Spoofing with wireless networks
>
>
> Hi everyone,
> Just a few questions about 802.11:
> Am I correct in assuming that arp spoofing on a
> wireless network is way more of a problem than on a wired network?
> Is there some safeguard in place that keeps this
> from happening?
> Is 802.11 ethernet based, does it use the arp at all?
>
> If not then potentially I could spoof my way into a MiM
> attack with no one any wiser and I only have to be near the
> signal. I don't have to get through a firewall, I don't have
> to hack any boxes, all I have to do is be close enough that I
> can transmit to and receive from your base station. If all
> of this is true then how is it that people would ever
> implement a network that includes even a small portion of
> wireless nets. I hope I am wrong about this because there
> have been cries for wireless from above in my organization.
> Thank you in advance.

Heh. Yeah, Arp poisoning on wireless networks is hardcore. The biggest surprise is that you can see the WIRED traffic that's on the same segment as the wireless AP. I've found that most of those all-in-one firewall/router/WAP boxes are exceptionally vulnerable, because there's really no way to increase security. From outside my apartment, I can associate to my D-link piece-of-crap, start ARP poisoning, and I can watch the router log in using PPPoE to my DSL modem. Sick. You could watch an admin telnet into the PIX firewall from an internal IP. Again.. Sick.

A lot of people try to run VPN over wireless, thinking they're safe.. But if potential attackers can still associate, they can still ARP poison, and they can still attack the WIRED traffic that isn't encrypted.

There are some things that can be done to secure wireless though.. Just running VPN or some encryption technology over the wireless won't do it though...

First.. VLAN off your wireless. Not doing this makes you SO vulnerable, it's not even funny.

Second.. Restrict who's allowed to associate to the WAP. Depending on your hardware, you should be able to require they have a WEP key to associate, or restrict it by MAC address or whatever. Granted, this is just a deterrent, since it's easy enough to get a WEP key or change a MAC address, but normally it's enough to keep your average opportunistic attacker away.

Third.. Perm ARP cache entries.

Fourth.. Network IDS on the wireless segment. Some stupid little box with snort or even arpwatch would be great.

It's not really that wireless is a bad idea.. It's just many organizations want to start using it, without understanding the impact to the network infrastructure. It's possible to use wireless securely, it's just most people don't.

Hope this helps..

- -- 
Jon Erickson
Cryptologist and Security Designer
Caspian
415.974.7081
D49B 4561 1078 0A72 DDF3 7250 8EF4 4681 587E 41DD
1728748

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPEXPYo70RoFYfkHdEQLSSACg0X4UDJXg2r1SzgzH/R44PvUUq20An2yx
AwZkCxVvwJG+8QwuFsEBcNYM
=wGhY
-----END PGP SIGNATURE-----
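
The third and fourth points in the reply above (pinned ARP entries and an arpwatch-style monitor on the wireless segment) can be combined in one check. This is an added example, not part of the original message; the addresses, the pinned table and the alert names are constructed for illustration.

```python
# Added example: arpwatch-style check of observed ARP replies against pinned bindings.
from collections import defaultdict

# Assumption: bindings an admin has pinned (the "perm ARP cache entries" idea).
PINNED = {"192.168.0.1": "00:11:22:aa:bb:01"}

# Constructed sample: (seconds, sender IP, sender MAC) as seen on the wireless VLAN.
OBSERVED = [
    (0, "192.168.0.1", "00:11:22:aa:bb:01"),
    (1, "192.168.0.23", "00:11:22:aa:bb:23"),
    (5, "192.168.0.66", "00:de:ad:be:ef:66"),
    (9, "192.168.0.1", "00:de:ad:be:ef:66"),   # gateway IP claimed by another MAC
    (9, "192.168.0.23", "00:de:ad:be:ef:66"),  # client IP claimed by the same MAC
    (12, "192.168.0.1", "00:11:22:aa:bb:01"),  # real gateway answers again
]

def analyze(observations, pinned):
    """Return a list of (time, kind, ip, mac) alerts."""
    seen = {}                      # ip -> MAC most recently seen for it
    previous = {}                  # ip -> MAC it had before the last change
    ips_by_mac = defaultdict(set)  # mac -> every IP it has claimed
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()
        if ip in pinned and mac != pinned[ip].lower():
            # A claim that contradicts a pinned binding is the strongest signal.
            alerts.append((ts, "pinned-mismatch", ip, mac))
        elif ip in seen and seen[ip] != mac:
            # Two hosts answering for one IP in turn shows up as a flip-flop.
            kind = "flip-flop" if previous.get(ip) == mac else "changed-mac"
            alerts.append((ts, kind, ip, mac))
        if seen.get(ip) != mac:
            previous[ip] = seen.get(ip)
            seen[ip] = mac
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) == 2:
            # Alert once, when a MAC claims its second IP. Routers and
            # proxy-ARP hosts do this legitimately and need an allow-list.
            alerts.append((ts, "mac-claims-multiple-ips", ip, mac))
    return alerts

if __name__ == "__main__":
    for alert in analyze(OBSERVED, PINNED):
        print(*alert)
```
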
