An interesting idea. One that is disconcerting to those who plan to implement
wireless access points.
--
Joe Budzyn [log in to unmask]
301 Computer Center Ph: (517) 355-4500 x162
Michigan State University
East Lansing, MI 48864
---------- Forwarded message ----------
Date: Tue, 16 Oct 2001 14:45:46 +0000 (GMT)
From: Chris Wysopal <[log in to unmask]>
To: [log in to unmask]
Subject: [VulnWatch] New class of wireless attacks
New class of wireless attacks
Gary McGraw <[log in to unmask]>
Mon, 15 Oct 2001 08:30:07 -0400
Bob Fleck, a security consultant at Cigital, working with Jordan Dimov, has
discovered new class of wireless attacks that can be used to gain
unauthorized access to normally-protected machines on a standard wire-based
internal network. Wireless networks involve installation of a wireless
Access Point on a normal internal network. This Access Point is usually
connected to the wired network through a switch or a hub. The attacks
discovered by Cigital are based on an adaptation of a well understood
network attack from the non-wireless world known as ARP cache poisoning.
This emphasizes the importance of re-considering old risks in light of new
technologies, something that is especially important in software-based
systems!
The new class of attacks encompasses:
1) the ability to monitor and manipulate traffic between two wired
hosts behind a firewall
2) the ability to monitor and manipulate traffic between a wired host
and a wireless host
3) the ability to compromise roaming wireless clients attached to
different Access Points
4) the ability to monitor and manipulate traffic between two wireless clients
Previous wireless attacks have demonstrated that wireless traffic on an
802.11b network is vulnerable to monitoring and manipulation, even when it
is "protected" with WEP encryption. This new class of attacks discovered by
Cigital is based on abusing the Address Resolution Protocol (ARP) which
binds internal IP addresses to ethernet addresses.
Mitigating the risks of these attacks is possible. The best fix involves
placing a technical barrier between the wireless network and the normal
wired network. This provides only a partial solution that leaves the
wireless network in a compromised state, though it protects against the
worst of the attack class Cigital discovered. Further risks can be
mitigated through advanced design of any and all software applications that
make use of the wireless network.
Bob Fleck ([log in to unmask]) and Gary McGraw ([log in to unmask])
For more, see:
http://www.cigital.com/news/wireless-sec.html
http://www.cigital.com/news/wireless/faq.html
|