An interesting idea.  One that is disconcerting to those who plan to implement
wireless access points.

--
Joe Budzyn                               [log in to unmask]
301 Computer Center                      Ph: (517) 355-4500 x162
Michigan State University
East Lansing, MI 48864

---------- Forwarded message ----------
Date: Tue, 16 Oct 2001 14:45:46 +0000 (GMT)
From: Chris Wysopal <[log in to unmask]>
To: [log in to unmask]
Subject: [VulnWatch] New class of wireless attacks


New class of wireless attacks
Gary McGraw <[log in to unmask]>
Mon, 15 Oct 2001 08:30:07 -0400

Bob Fleck, a security consultant at Cigital, working with Jordan Dimov, has
discovered a new class of wireless attacks that can be used to gain
unauthorized access to normally-protected machines on a standard wire-based
internal network.  Wireless networks involve installation of a wireless
Access Point on a normal internal network.  This Access Point is usually
connected to the wired network through a switch or a hub.  The attacks
discovered by Cigital are based on an adaptation of a well understood
network attack from the non-wireless world known as ARP cache poisoning.
This emphasizes the importance of re-considering old risks in light of new
technologies, something that is especially important in software-based
systems!

The new class of attacks encompasses:
1) the ability to monitor and manipulate traffic between two wired
   hosts behind a firewall
2) the ability to monitor and manipulate traffic between a wired host
   and a wireless host
3) the ability to compromise roaming wireless clients attached to
   different Access Points
4) the ability to monitor and manipulate traffic between two wireless clients

Previous wireless attacks have demonstrated that wireless traffic on an
802.11b network is vulnerable to monitoring and manipulation, even when it
is "protected" with WEP encryption.  This new class of attacks discovered by
Cigital is based on abusing the Address Resolution Protocol (ARP) which
binds internal IP addresses to Ethernet addresses.

Mitigating the risks of these attacks is possible.  The best fix involves
placing a technical barrier between the wireless network and the normal
wired network.  This provides only a partial solution that leaves the
wireless network in a compromised state, though it protects against the
worst of the attack class Cigital discovered.  Further risks can be
mitigated through advanced design of any and all software applications that
make use of the wireless network.

Bob Fleck ([log in to unmask]) and Gary McGraw ([log in to unmask])

For more, see:
  http://www.cigital.com/news/wireless-sec.html
  http://www.cigital.com/news/wireless/faq.html
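
Added example, not part of the forwarded advisory or Cigital's material: because the attack class depends on changing the ARP binding between an IP address and an Ethernet address, a monitor on the wired segment can flag ARP frames that rebind an already-seen IP to a different MAC. The function names are illustrative and the addresses and frames are constructed samples.

```python
import struct

ETH_ARP = 0x0806  # EtherType for ARP

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def find_rebinds(frames):
    """Return (frame_index, ip, first_seen_mac, new_mac) for each conflicting binding."""
    bindings, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":          # ARP probe: announces no binding
            continue
        known = bindings.setdefault(ip, mac)  # first sighting becomes the baseline
        if known != mac:
            alerts.append((i, ip, known, mac))
    return alerts

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip):
    """Build a constructed ARP frame (sample data only, nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(src_mac) + ip(src_ip) + mac(dst_mac) + ip(dst_ip)

# Constructed capture: the gateway answers, a host asks, then a different
# station claims the gateway's IP address.
SAMPLE = [
    build_arp(2, "00:11:22:33:44:55", "192.168.1.1", "00:aa:bb:cc:dd:01", "192.168.1.10"),
    build_arp(1, "00:aa:bb:cc:dd:01", "192.168.1.10", "ff:ff:ff:ff:ff:ff", "192.168.1.1"),
    build_arp(2, "02:00:00:00:00:99", "192.168.1.1", "00:aa:bb:cc:dd:01", "192.168.1.10"),
]

if __name__ == "__main__":
    for idx, ip, old, new in find_rebinds(SAMPLE):
        print(f"frame {idx}: {ip} moved from {old} to {new}")
```

A legitimate change such as a replaced network card or a reassigned address also triggers the alert, so each hit needs to be checked against known inventory.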