** Reply to message from Stan Goodman <sgood@hashkedim.com> on Mon, 07 Feb 2005 23:13:57 +0200
Very interesting, but there seems to be much more to this than just the L2/L3 hijack. It said that
Bill was xfering files to a server on the corporate LAN. This means that the hijacker actually got
in the middle of Bill and ABCcorp and this means he/she got into the ABCcorp LAN such that Bill
could think he was xfering files to/from a corporate server. Unless I'm missing something, this is
a bit more involved hijacking but then again, it's probably a MS Windows LAN and the hijacker has
probably been in the LAN for far longer than he/she's been in the middle of end users.
The question is, what can we do, or use, to keep an eye on this kind of thing? And can we script
this up so checks are made every time the wireless network comes up?
Doug
> ** Reply to message from Lewis G Rosenthal <lgrosenthal@2rosenthals.com> on
> Mon, 07 Feb 2005 13:26:48 -0500
>
>
> > I thought this one was worth forwarding to the list. Enjoy!
> >
> > *Question of the Week*
> >
> > Bill, a wireless LAN end user at ABC Corporation, is transferring a file
> > over the wireless network to a server. Approximately half way through
> > the transfer, the transfer suddenly stops. Doing his own initial
> > troubleshooting Bill finds that his wireless connection is still active,
> > but he can no longer access the corporate network resources. Confused,
> > Bill calls the help desk who asks him to check his IP address. Upon
> > checking the IP address of Bill's workstation they find that his IP
> > address is on the wrong subnet. The subnet on which Bill's PC is
> > addressed is not part of the corporate network. The help desk technician
> > informs Bill that he has been subject to what kind of wireless attack?
> >
> > 1. Man-in-the-middle
> > 2. L2/L3 Hijacking
> > 3. TCP session hijacking
> > 4. Bit-flipping attack
> > 5. Spread spectrum RF jamming attack
> > 6. Eavesdropping attack
> >
> > *Question of the Week Answer*
> >
> > Wireless L2/L3 hijacking attacks use a narrowband RF generator to jam
> > (interfere with) a specific transmission channel forcing users to roam
> > to another, more usable, channel. This usable channel is the software or
> > hardware (usually software) access point of the intruder. When the
> > authorized user makes an association to the intruder, this is deemed a
> > L2 hijack. Many operating systems such as Windows 2000 and Windows XP
> > automatically perform a DHCP renewal any time they lose Layer 2
> > connectivity. For this reason, the intruder can install DHCP server
> > software on the same laptop in order to give the authorized user an IP
> > address when one is requested. This is deemed a Layer 3 hijack. The
> > reason for the Layer 3 hijack is that once the authorized user has an IP
> > address on the same network segment as the intruder, the intruder will
> > be able to perform Layer 7 (application layer) attacks against the
> > authorized user's computer.
>
> Very clear. Now it's much easier for me to understand why so many people use
> Windows2000 and WindowsXP operating systems. Horatio Alger was right: "If you
> build a better mousetrap, the world will beat a footpath to your door".
>
> --
> Stan Goodman
> Qiryat Tiv'on
> Israel
>
> "When your enemy falls, do not rejoice." -- Proverbs 24:17
>
> If a pig loses its voice, is it disgruntled?
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>
> To unsubscribe from this list, send a message to
> steward@2rosenthals.com with the command
> "unsubscribe os2-wireless_users" in the body
> (omit the quotes).
>
> For help with other commands, send a message
> to steward@2rosenthals.com with the command
> "help" in the body (omit the quotes).
>
> This list is hosted by Rosenthal & Rosenthal
> P.O. Box 281, Deer Park, NY 11729-0281. Non-
> electronic communications related to content
> contained in these messages should be directed
> to the above address. (CAN-SPAM Act of 2003)
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
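An added example, not part of the original messages: one way to script the check asked about above, flagging the wrong-subnet lease that the quoted answer describes. The subnets, DHCP server and BSSID values are constructed, and filling `Lease` from the operating system's own tools each time the wireless interface comes up is an assumption left to the reader.

```python
import ipaddress
from dataclasses import dataclass

# Constructed policy values for illustration; replace with the real corporate ones.
EXPECTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
EXPECTED_DHCP = {"10.20.0.2"}
EXPECTED_BSSIDS = {"00:11:22:33:44:55", "00:11:22:33:44:66"}

@dataclass(frozen=True)
class Lease:
    address: str      # IP address the wireless interface received
    gateway: str      # default router handed out with the lease
    dhcp_server: str  # server identifier from the DHCP reply
    bssid: str        # MAC address of the access point we associated with

def in_expected_net(ip):
    return any(ip in net for net in EXPECTED_NETS)

def check_lease(lease):
    """Return a list of findings; an empty list means the lease matches policy."""
    try:
        addr = ipaddress.ip_address(lease.address)
        gw = ipaddress.ip_address(lease.gateway)
    except ValueError as exc:
        return [f"unparseable lease field: {exc}"]
    findings = []
    if addr.is_link_local:
        # 169.254.0.0/16 means no DHCP server answered: an outage, not a rogue lease.
        findings.append(f"address {addr} is self-assigned (no DHCP reply)")
    elif not in_expected_net(addr):
        findings.append(f"address {addr} is outside the corporate subnets")
    if not in_expected_net(gw):
        findings.append(f"gateway {gw} is outside the corporate subnets")
    if lease.dhcp_server not in EXPECTED_DHCP:
        findings.append(f"DHCP server {lease.dhcp_server} is not on the allowlist")
    if lease.bssid.lower() not in EXPECTED_BSSIDS:
        findings.append(f"associated BSSID {lease.bssid} is not a known access point")
    return findings

# Constructed samples: a normal lease and one like Bill's after the forced roam.
GOOD = Lease("10.20.4.17", "10.20.0.1", "10.20.0.2", "00:11:22:33:44:55")
ROGUE = Lease("192.168.1.50", "192.168.1.1", "192.168.1.1", "DE:AD:BE:EF:00:01")

if __name__ == "__main__":
    for name, lease in (("good", GOOD), ("rogue", ROGUE)):
        for finding in check_lease(lease) or ["lease matches policy"]:
            print(f"{name}: {finding}")
```

An address check alone would miss a rogue DHCP server that hands out addresses inside the corporate range, which is why the DHCP server and BSSID are compared as well.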