Home page logo

pen-test logo Penetration Testing mailing list archives

Wireless Access Points and ARP Poisoning
From: aleph1 () securityfocus com
Date: Fri, 19 Oct 2001 11:48:43 -0600

Wireless Access Points and ARP Poisoning:
Wireless vulnerabilities that expose the wired network
Bob Fleck <rfleck () cigital com>, Jordan Dimov <jdimov () cigital com>

Address resolution protocol (ARP) cache poisoning is a MAC layer attack that
can only be carried out when an attacker is connected to the same local 
network as the target machines, limiting its effectiveness only to networks 
connected with switches, hubs, and bridges; not routers. Most 802.11b access 
points acts as transparent MAC layer bridges, which allow ARP packets to 
pass back and forth between the wired and wireless networks. This 
implementation choice for access points allows ARP cache poisoning attacks 
to be executed against systems that are located behind the access point. In 
unsafe deployments, wireless attackers can compromise traffic between 
machines on the wired network behind the wireless network, and also 
compromise traffic between other wireless machine including roaming clients 
in other cells. Of particular note is the vulnerability of home combination 
devices that offer a wireless access point, a switch, and a DSL/cable modem 
router in one package. These popular consumer devices allow a wireless 
attacker to compromise traffic between computes connected to the built-in 


Elias Levy
Si vis pacem, para bellum

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
  • Wireless Access Points and ARP Poisoning aleph1 (Oct 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]