[KLUG Members] new wireless vulnerability?
Adam Tauno Williams
members@kalamazoolinux.org
Wed, 13 Aug 2003 09:13:47 -0400
> I've never heard of this one, so I'd appreciate comments. BTW, this is
> unrelated to the MS RPC issue going around.
> A laptop with wireless and wired connection brings two subnets down. How
> did that happen? The laptop used WinXP Pro network wizard to connect to the
> local network.
Doesn't that count as a problem in-and-of itself?
> For unknown reasons the wizard created a network bridge. Here's
> where it gets interesting.
Unknown reason? It ALWAYS does this. Or at least every time I've connected to
two nets with XPeee.
> The wireless connection got an IP address from the DHCP server (Win 2k
> server) and the user didn't know it. The user connected the wired connection
> and it got another IP address. Because of the network bridge (I think), the
> two network cards sucked all the IP addresses out of the system and brought
> it and a related network down.
Seems unlikely, a bridge SHOULD not act that way. There is either a problem in
their bridge support (A SHOCKING thought, I know, but a possibility none the
less), or someone had their configuration seriously jacked up.
> Anyone heard of anything like this before?
No, but there are a myriad ways it can happen. The bridge broke arp, the client
requested an IP address with the broadcast MAC, the client went into a lease
request loop, etc... All of these would require a seriously depraved network
configuration or just really really really bad software (again, SHOCKING).
> What would happen if a hacker connected to an available wireless network
> with -two- wireless cards installed? Would all wireless networks be
> vulnerable to a similar scenario?
If they operate via DHCP and there isn't stopping anyone from requesting IP
leases whilly-nilly, they could do the above with one WIC.