Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

nothing new here (Re: A new class of network vulnerability???)

From: David Farber <dave () farber net>
Date: Wed, 25 Jul 2007 12:29:44 -0400


Begin forwarded message:

From: Christian Kuhtz <christian () kuhtz com>
Date: July 25, 2007 12:15:56 PM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: nothing new here (Re: [IP] A new class of network vulnerability???) 


Dave,
so, I'm not sure I follow here, but given that I live and breathe wireless LANs in my day job, I feel compelled to respond to the previous poster.
This is wireless we're talking about. Unlicensed spectrum in the 2.4 GHz ISM & GHz 5.8 band. Once you pass regulatory muster for the radio equipment, virtually everything else is fair game. And what is observed / contemplated here is just a fact of life in this business. It is up to manufacturers (and operators) to define requirements and evolve to manage this inevitable part of our business. There is no cure per se. And this is far from the only issue.
The countermeasure for issues like the one that appears to be at the cause of the issue experienced at Duke is in well designed equipment and infrastructure design choices which manage harmful traffic (and the definition of harmful really is a deployment and operator specific question and the answers vary greatly).
And I think there are still some questions outstanding as to what exactly happened at Duke within the network infrastructure. That is in addition to what is published at 

http://www.ietf.org/rfc/rfc4436.txt
for the actual mechanism blamed for this symptom, Cisco's security advisory at 

http://www.cisco.com/warp/public/707/cisco-sa-20070724-arp.shtml
and finally the actual bug report (only available to Cisco support contract holders) at
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do? method=fetchBugDetails&bugId=CSCsj50374 

or

http://tinyurl.com/2d3ofy
In closing, for anyone to call this a security issue is a bit of a stretch from my vantage point and is unaware of wireless operation in unlicensed bands. 

Best regards,
Christian



On Jul 25, 2007, at 11:12 AM, David Farber wrote:




Begin forwarded message:
From: "Synthesis:Law and Technology Law and Technology" <synthesis.law.and.technology () gmail com> 
Date: July 25, 2007 10:41:17 AM EDT
To: David Farber <dave () farber net>
Subject: A new class of network vulnerability???

Dave,
In all the confusion about the Duke University network problems and pointing fingers at iPhone who turned out to not be the culprit and understanding how the vulnerability was merely triggered by the iPhone (could have been another wireless device) one thing seems to have been overlooked by most.
This was an accidental Denial of Service. The Apple devices were merely doing what they are supposed to do, according to RFC. But the next time something like this happens, it could be deliberate. Cisco recognizes that the patch they are issuing is not a cure for "deliberate attempts to create an ARP storm". The scary part is such attempts could be virtually untraceable coming from a portable device. What wireless infrastructure could be at risk? What would be the cure? Turning off wireless? 



--
Dan Steinberg

SYNTHESIS:Law & Technology
35, du Ravin phone: (613) 794-5356
Chelsea, Quebec
J9B 1N1

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/=now
RSS Feed: http://v2.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: