[KLUG Members] new wireless vulnerability?

bill members@kalamazoolinux.org
Wed, 13 Aug 2003 09:33:52 -0400


Adam Tauno Williams wrote:

> > I've never heard of this one, so I'd appreciate comments.  BTW, this is
> > unrelated to the MS RPC issue going around.
> > A laptop with wireless and wired connection brings two subnets down.  How
> > did that happen?  The laptop used WinXP Pro network wizard to connect to the
> > local network.
>
> Doesn't that count as a problem in-and-of itself?
>
> > For unknown reasons the wizard created a network bridge.  Here's
> > where it gets interesting.
>
> Unknown reason? It ALWAYS does this.  Or at least every time I've connected to
> two nets with XPeee.

Pay no attention to the man behind the curtain.  The wizard is sure to mess things
up.

> > The wireless connection got an IP address from the DHCP server (Win 2k
> > server) and the user didn't know it.  The user connected the wired connection
> > and it got another IP address.  Because of the network bridge (I think), the
> > two network cards sucked all the IP addresses out of the system and brought
> > it and a related network down.
>
> Seems unlikely, a bridge SHOULD not act that way.  There is either a problem in
> their bridge support (A SHOCKING thought, I know, but a possibility none the
> less), or someone had their configuration seriously jacked up.

Whose bridge support, the client or the server?  I'm stumped how it happened in the
first place.

> > Anyone heard of anything like this before?
>
> No, but there are a myriad ways it can happen.  The bridge broke arp, the client
> requested an IP address with the broadcast MAC, the client went into a lease
> request loop, etc... All of these would require a seriously depraved network
> configuration or just really really really bad software (again, SHOCKING).

Could you translate "the bridge broke arp"?  There was obviously some sort of lease
request loop.

> > What would happen if a hacker connected to an available wireless network
> > with -two- wireless cards installed?  Would all wireless networks be
> > vulnerable to a similar scenario?
>
> If they operate via DHCP and there isn't anything stopping anyone from requesting IP
> leases willy-nilly, they could do the above with one WIC.

It seems to me that DHCP with IP leases free for the asking is the most common
setup, which made me wonder how vulnerable the average wireless network is to
someone just driving down the street.

kind regards,

bill
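
An added example, not part of the original post or of any tool named in the thread: a small detector for the "lease request loop" and lease-hoarding cases discussed above, run over DHCP server log lines. The log format (modelled on ISC dhcpd syslog DHCPACK lines), the thresholds and every address in the sample are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches DHCPACK lines modelled on ISC dhcpd syslog output (assumed format).
ACK = re.compile(r"^(\S+ \S+) \S+ dhcpd: DHCPACK on (\S+) to ([0-9a-f:]{17})\b")

def detect(lines, window_s=60, max_ips_per_mac=3, max_new_leases=20):
    """Flag MACs holding many addresses and bursts of newly leased addresses."""
    ips_by_mac = defaultdict(set)
    recent = deque()        # timestamps of first-time leases inside the window
    seen_ips = set()
    drain_started = None
    for line in lines:
        m = ACK.match(line)
        if not m:
            continue        # skip DISCOVER/OFFER/REQUEST and unrelated lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip, mac = m.group(2), m.group(3)
        ips_by_mac[mac].add(ip)
        if ip not in seen_ips:          # renewals of a known address do not count
            seen_ips.add(ip)
            recent.append(ts)
        while recent and (ts - recent[0]).total_seconds() > window_s:
            recent.popleft()
        if drain_started is None and len(recent) > max_new_leases:
            drain_started = ts          # first moment the pool drains too fast
    hoarders = sorted(mac for mac, ips in ips_by_mac.items()
                      if len(ips) > max_ips_per_mac)
    return {"hoarding_macs": hoarders, "drain_started": drain_started}

def sample_log():
    """Constructed log: two ordinary clients, then one MAC stuck in a lease loop."""
    fmt = "2003-08-13 09:{:02d}:{:02d} gw dhcpd: DHCPACK on 10.0.0.{} to {} via eth0"
    lines = [fmt.format(0, 5, 10, "00:0c:29:aa:00:01"),
             fmt.format(0, 9, 11, "00:0c:29:aa:00:02")]
    # Same MAC acknowledged for a new address every 2 seconds.
    lines += [fmt.format(1, 2 * i, 20 + i, "00:0c:29:bb:00:99") for i in range(25)]
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

The per-MAC check catches a single client looping through leases; the windowed count of newly leased addresses still fires when each request arrives with a different MAC, which the per-MAC check alone would miss.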