Re: wireless sniffing question

[Cedric Blancher <blancher () cartel-securite fr>]

Le samedi 04 décembre 2004 à 03:09 -0500, question question a écrit :
> Lets say I have a Linksys (or whichever brand you like) wireless
> router with a wireless host using 128 bit WEP encryption, and a wired
> host connected to the same device.  Obviously it is possible for the
> wired box to do various arp attacks on the switch to view other wired
> hosts traffic. But does the same apply for the wireless host?

Yes, most probably.
Most WiFi routeurs act as a bridge between internal wired network and
wireless network. The routeur part occurs between internal network (WiFi
+LAN) and WAN port. Thus, ARP attacks can occurs between the two
networks, meaning a wireless station can attack a wired one and
vice-versa.

> Can the wired host trick the switch on the Linksys into forwarding the
> wireless clients packets to him via the regular wire?

As shown above, definitly yes.
Then it can deploy cleartext attacks against WEP, as an example...


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> > Hi! I'm your friendly neighbourhood signature virus.
> > Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html