Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: wireless sniffing question
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Sat, 04 Dec 2004 15:25:35 +0100

Le samedi 04 décembre 2004 à 03:09 -0500, question question a écrit :
Lets say I have a Linksys (or whichever brand you like) wireless
router with a wireless host using 128 bit WEP encryption, and a wired
host connected to the same device.  Obviously it is possible for the
wired box to do various arp attacks on the switch to view other wired
hosts traffic. But does the same apply for the wireless host?

Yes, most probably.
Most WiFi routeurs act as a bridge between internal wired network and
wireless network. The routeur part occurs between internal network (WiFi
+LAN) and WAN port. Thus, ARP attacks can occurs between the two
networks, meaning a wireless station can attack a wired one and

Can the wired host trick the switch on the Linksys into forwarding the
wireless clients packets to him via the regular wire?

As shown above, definitly yes.
Then it can deploy cleartext attacks against WEP, as an example...

PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]