Message-ID: <4207B2E8.2000502@2rosenthals.com>
Organization: Rosenthal & Rosenthal
User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.8a6) Gecko/20041130 MultiZilla/1.6.4.0b Mnenhy/0.6.0.104
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Date:  Mon, 07 Feb 2005 13:26:48 -0500
Sender: os2-wireless_users-owner <os2-wireless_users-owner@2rosenthals.com>
Reply-To: os2-wireless_users@2rosenthals.com
From:  Lewis G Rosenthal <os2-wireless_users@2rosenthals.com>
To:  OS/2 Wireless Users <os2-wireless_users@2rosenthals.com>
Subject: [OS2Wireless] CWNA Question of the Week

I thought this one was worth forwarding to the list. Enjoy!

*Question of the Week*

Bill, a wireless LAN end user at ABC Corporation, is transferring a file 
over the wireless network to a server. Approximately half way through 
the transfer, the transfer suddenly stops. Doing his own initial 
troubleshooting Bill finds that his wireless connection is still active, 
but he can no longer access the corporate network resources. Confused, 
Bill calls the help desk who asks him to check his IP address. Upon 
checking the IP address of Bill's workstation they find that his IP 
address is on the wrong subnet. The subnet on which Bill's PC is 
addressed is not part of the corporate network. The help desk technician 
informs Bill that he has been subject to what kind of wireless attack?

1. Man-in-the-middle
2. L2/L3 Hijacking
3. TCP session hijacking
4. Bit-flipping attack
5. Spread spectrum RF jamming attack
6. Eavesdropping attack

*Question of the Week Aswer*

Wireless L2/L3 hijacking attacks use a narrowband RF generator to jam 
(interfere with) a specific transmission channel forcing users to roam 
to another, more usable, channel. This usable channel is the software or 
hardware (usually software) access point of the intruder. When the 
authorized user makes an association to the intruder, this is deemed a 
L2 hijack. Many operating systems such as Windows 2000 and Windows XP 
automatically perform a DHCP renewal any time they lose Layer 2 
connectivity. For this reason, the intruder can install DHCP server 
software on the same laptop in order to give the authorized user an IP 
address when one is requested. This is deemed a Layer 3 hijack. The 
reason for the Layer 3 hijack is that once the authorized user has an IP 
address on the same network segment as the intruder, the intruder will 
be able to perform Layer 7 (application layer) attacks against the 
authorized user's computer.

-- 
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
  New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                  www.ecomstation.com
Novell Users International        www.novell.com/linux/truth
------------------------------------------------------------
 

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

To unsubscribe from this list, send a message to
steward@2rosenthals.com with the command
"unsubscribe os2-wireless_users" in the body
(omit the quotes).

For help with other commands, send a message
to steward@2rosenthals.com with the command
"help" in the body (omit the quotes).

This list is hosted by Rosenthal & Rosenthal
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=