Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Wireless router behaviour

Re: Wireless router behaviour

From: John Duksta <jduksta_at_gmail.com>
Date: Sun, 12 Sep 2004 15:46:07 -0400

On Fri, 10 Sep 2004 13:53:01 -0700, David Gillett <gillettdavid_at_fhda.edu> wrote:
> The port which was connected to the wired network was one of the
> LAN switch ports, and not the WAN port. So although we saw pings
> and proxy ARP replies from the router, it seems unlikely that these
> were NATted on behalf of some associated client. The client whose
> footprints led us to the router was, as you'd expect in such a
> configuration, using an address from our DHCP pool and neither the
> router's nor some other private address.

I find it very odd that you saw proxy arps replies from the router if it was
connected to your network by one of the LAN switch ports. Proxy ARP
usually only happens when you have a gateway device where the clients
do not have MAC access (PPP server), but the fact that the wireless
client that alerted you to the presence of the router was using an address
from your DHCP pool shows that there was in fact MAC access for the client.

Odd.

-john 

-- 
John Duksta <jduksta_at_gmail.com>
Can't sleep, clowns will eat me.
Received on Sep 13 2004
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos