Discover Network Security News
New class of wireless attacks
The new class of attacks encompasses:
1) the ability to monitor and manipulate traffic between two wired hosts behind a firewall
2) the ability to monitor and manipulate traffic between a wired host and a wireless host
3) the ability to compromise roaming wireless clients attached to different Access Points
4) the ability to monitor and manipulate traffic between two wireless clients
Previous wireless attacks have demonstrated that wireless traffic on an 802.11b network is vulnerable to monitoring and manipulation, even when it is "protected" with WEP encryption. This new class of attacks discovered by Cigital is based on abusing the Address Resolution Protocol (ARP) which binds internal IP addresses to ethernet addresses.
Mitigating the risks of these attacks is possible. The best fix involves placing a technical barrier between the wireless network and the normal wired network. This provides only a partial solution that leaves the wireless network in a compromised state, though it protects against the worst of the attack class Cigital discovered. Further risks can be mitigated through advanced design of any and all software applications that make use of the wireless network.
Bob Fleck (firstname.lastname@example.org) and Gary McGraw (email@example.com)
For more, see: