From: Chris Wysopal (weld@vulnwatch.org)
Date: Tue Oct 16 2001 - 09:45:46 CDT


    New class of wireless attacks
    Gary McGraw <gem@cigital.com>
    Mon, 15 Oct 2001 08:30:07 -0400

    Bob Fleck, a security consultant at Cigital, working with Jordan Dimov, has
    discovered a new class of wireless attacks that can be used to gain
    unauthorized access to normally-protected machines on a standard wire-based
    internal network. Wireless networks involve installation of a wireless
    Access Point on a normal internal network. This Access Point is usually
    connected to the wired network through a switch or a hub. The attacks
    discovered by Cigital are based on an adaptation of a well-understood
    network attack from the non-wireless world known as ARP cache poisoning.
    This emphasizes the importance of re-considering old risks in light of new
    technologies, something that is especially important in software-based
    systems!

    The new class of attacks encompasses:
    1) the ability to monitor and manipulate traffic between two wired
       hosts behind a firewall
    2) the ability to monitor and manipulate traffic between a wired host
       and a wireless host
    3) the ability to compromise roaming wireless clients attached to
       different Access Points
    4) the ability to monitor and manipulate traffic between two wireless clients

    Previous wireless attacks have demonstrated that wireless traffic on an
    802.11b network is vulnerable to monitoring and manipulation, even when it
    is "protected" with WEP encryption. This new class of attacks discovered by
    Cigital is based on abusing the Address Resolution Protocol (ARP) which
    binds internal IP addresses to Ethernet addresses.

    Mitigating the risks of these attacks is possible. The best fix involves
    placing a technical barrier between the wireless network and the normal
    wired network. This provides only a partial solution that leaves the
    wireless network in a compromised state, though it protects against the
    worst of the attack class Cigital discovered. Further risks can be
    mitigated through advanced design of any and all software applications that
    make use of the wireless network.

    Bob Fleck (fleck@cigital.com) and Gary McGraw (gem@cigital.com)

    For more, see:
      http://www.cigital.com/news/wireless-sec.html
      http://www.cigital.com/news/wireless/faq.html
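The post describes the attack class only at the level of "abusing ARP, which binds IP addresses to Ethernet addresses". The following is an added example, not part of the VulnWatch post or of Cigital's work, showing what a defender on a shared wired/wireless segment can watch for: an arpwatch-style monitor that replays a constructed list of ARP replies, tracks IP-to-MAC bindings, pins the gateway to a known MAC, and raises an alert when a binding flips or when one station starts answering for several IPs. The record format, host addresses and MAC values are all constructed for the demo.

```python
"""
Added example (not from the original post): a minimal ARP cache poisoning
detector. It consumes ARP replies as (timestamp, sender_ip, sender_mac)
tuples, keeps the IP-to-MAC table a host would build, and flags the two
symptoms an ARP spoofing attempt leaves behind on a shared segment:
  * an IP's MAC binding changes (or violates a pinned, static entry), and
  * a single MAC claims to own more than one IP address.
All addresses below are constructed sample data.
"""
from collections import defaultdict

# Constructed sample: what a wireless client might see on a segment where a
# wired host, another wireless host and the gateway all share one broadcast
# domain. Records 4 and 5 show one station answering for other hosts' IPs.
SAMPLE_ARP_REPLIES = [
    (1, "10.0.0.1",  "00:11:22:33:44:01"),  # gateway, legitimate reply
    (2, "10.0.0.50", "00:11:22:33:44:50"),  # wired host
    (3, "10.0.0.51", "00:11:22:33:44:51"),  # wireless host
    (4, "10.0.0.1",  "00:11:22:33:44:51"),  # wireless host now claims gateway IP
    (5, "10.0.0.50", "00:11:22:33:44:51"),  # ... and the wired host's IP
]

# Static entries a defender pins (the mitigation of hard-coding the gateway
# MAC); constructed for the demo.
PINNED_BINDINGS = {"10.0.0.1": "00:11:22:33:44:01"}


class ArpMonitor:
    """Tracks observed bindings and produces alert tuples."""

    def __init__(self, pinned=None):
        self.pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
        self.bindings = {}                    # ip -> last seen mac
        self.ips_by_mac = defaultdict(set)    # mac -> set of ips it claimed
        self.alerts = []

    def observe(self, ts, ip, mac):
        mac = mac.lower()
        prev = self.bindings.get(ip)

        # A pinned entry beats anything learned from the wire.
        if ip in self.pinned and mac != self.pinned[ip]:
            self.alerts.append(("pinned_binding_violated", ts, ip,
                                self.pinned[ip], mac))
        elif prev is not None and prev != mac:
            self.alerts.append(("binding_changed", ts, ip, prev, mac))

        # Move the IP from its old owner to the new one, then check whether
        # the new owner now answers for several IPs (gateway + victims).
        if prev is not None and prev != mac:
            self.ips_by_mac[prev].discard(ip)
        self.bindings[ip] = mac
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) > 1:
            self.alerts.append(("mac_claims_multiple_ips", ts, mac,
                                tuple(sorted(self.ips_by_mac[mac]))))


def analyze(replies, pinned=None):
    """Replay ARP replies through the monitor and return the alert list."""
    mon = ArpMonitor(pinned)
    for ts, ip, mac in replies:
        mon.observe(ts, ip, mac)
    return mon.alerts


def suspect_macs(alerts):
    """MACs that either overwrote a binding or claimed multiple IPs."""
    suspects = set()
    for alert in alerts:
        kind = alert[0]
        if kind in ("binding_changed", "pinned_binding_violated"):
            suspects.add(alert[4])
        elif kind == "mac_claims_multiple_ips":
            suspects.add(alert[2])
    return suspects


if __name__ == "__main__":
    for alert in analyze(SAMPLE_ARP_REPLIES, pinned=PINNED_BINDINGS):
        print(alert)
    print("suspect MACs:", suspect_macs(analyze(SAMPLE_ARP_REPLIES, PINNED_BINDINGS)))
```

On real traffic the same logic runs over ARP replies captured from the interface; the first three records produce no alerts, and the detector only speaks up once a station begins answering for addresses it did not previously own. Because the post's fix of putting a barrier between the wireless and wired segments is described as partial, a binding monitor like this on the wireless side is a reasonable complement to that barrier rather than a replacement for it.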