A new class of network vulnerability???

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Synthesis:Law and Technology Law and Technology"  
<synthesis.law.and.technology () gmail com>
Date: July 25, 2007 10:41:17 AM EDT
To: David Farber <dave () farber net>
Subject: A new class of network vulnerability???

Dave,

In all the confusion about the Duke University network problems and  
pointing fingers at iPhone who turned out to not be the culprit and  
understanding how the vulnerability was merely triggered by the  
iPhone (could have been another wireless device) one thing seems to  
have been overlooked by most.

This was an accidental Denial of Service.   The Apple devices were  
merely doing what they are supposed to do, according to RFC.  But the  
next time something like this happens, it could be deliberate.  Cisco  
recognizes that the patch they are issuing is not a cure for  
"deliberate attempts to create an ARP storm".  The scary part is such  
attempts could be virtually untraceable coming from a portable  
device.   What wireless infrastructure could be at risk?  What would  
be the cure?  Turning off wireless?



--
Dan Steinberg

SYNTHESIS:Law & Technology
35, du Ravin phone: (613) 794-5356
Chelsea, Quebec
J9B 1N1

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com