[KLUG Members] new wireless vulnerability?

Adam Tauno Williams members@kalamazoolinux.org
Wed, 13 Aug 2003 09:13:47 -0400


> I've never heard of this one, so I'd appreciate comments.  BTW, this is
> unrelated to the MS RPC issue going around.
> A laptop with wireless and wired connection brings two subnets down.  How
> did that happen?  The laptop used WinXP Pro network wizard to connect to the
> local network.  

Doesn't that count as a problem in-and-of itself?

> For unknown reasons the wizard created a network bridge.  Here's
> where it gets interesting.

Unknown reason? It ALWAYS does this.  Or at least every time I've connected to
two nets with XPeee.

> The wireless connection got an IP address from the DHCP server (Win 2k
> server) and the user didn't know it.  The user connected the wired connection 
> and it got another IP address.  Because of the network bridge (I think), the 
> two network cards sucked all the IP addresses out of the system and brought 
> it and a related network down.

Seems unlikely, a bridge SHOULD not act that way.  There is either a problem in
their bridge support (A SHOCKING thought, I know, but a possibility
nonetheless), or someone had their configuration seriously jacked up.

> Anyone heard of anything like this before?

No, but there are a myriad ways it can happen.  The bridge broke ARP, the client
requested an IP address with the broadcast MAC, the client went into a lease
request loop, etc... All of these would require a seriously depraved network
configuration or just really really really bad software (again, SHOCKING).
 
> What would happen if a hacker connected to an available wireless network
> with -two- wireless cards installed?  Would all wireless networks be 
> vulnerable to a similar scenario?

If they operate via DHCP and there isn't anything stopping anyone from requesting IP
leases willy-nilly, they could do the above with one WIC.
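
A defender-side check for the lease-exhaustion scenario discussed in this message, as an added example that is not part of the original post: it scans DHCP lease events and flags any window in which newly granted leases consume more than a set share of the pool, naming the client that took the most. The log format, MAC addresses, pool size and thresholds are assumptions constructed for illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Constructed sample events, made-up format: timestamp, event, client MAC, address
SAMPLE_LOG = """\
2003-08-13T08:55:00 ACK 02:00:00:00:00:01 192.168.1.10
2003-08-13T08:58:30 ACK 02:00:00:00:00:02 192.168.1.11
2003-08-13T09:00:01 ACK 02:00:00:00:00:09 192.168.1.12
2003-08-13T09:00:02 ACK 02:00:00:00:00:09 192.168.1.13
2003-08-13T09:00:03 NAK 02:00:00:00:00:09 192.168.1.13
2003-08-13T09:00:04 ACK 02:00:00:00:00:09 192.168.1.14
2003-08-13T09:00:05 ACK 02:00:00:00:00:09 192.168.1.15
2003-08-13T09:00:06 ACK 02:00:00:00:00:09 192.168.1.16
2003-08-13T09:00:07 ACK 02:00:00:00:00:09 192.168.1.17
"""

def parse_leases(log):
    """Yield (time, mac, ip) for each granted lease; skip everything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != "ACK":
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[2].lower(), parts[3]
        except ValueError:
            continue  # unparseable timestamp

def find_lease_bursts(log, pool_size, window=timedelta(seconds=60), max_share=0.25):
    """Report each burst in which the addresses leased inside `window`
    exceed `max_share` of the pool, with the client that took the most."""
    alerts, recent, in_burst = [], deque(), False
    for ts, mac, ip in sorted(parse_leases(log)):
        recent.append((ts, mac, ip))
        while ts - recent[0][0] > window:
            recent.popleft()  # drop leases older than the window
        leased = {ip for _, _, ip in recent}
        if len(leased) > pool_size * max_share:
            if not in_burst:  # alert once per burst, at the first crossing
                top = Counter(m for _, m, _ in recent).most_common(1)[0][0]
                alerts.append({"start": recent[0][0], "end": ts,
                               "leases": len(leased), "top_client": top})
            in_burst = True
        else:
            in_burst = False
    return alerts

if __name__ == "__main__":
    for alert in find_lease_bursts(SAMPLE_LOG, pool_size=20):
        print(alert)
```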