Mailing List os2-wireless_users@2rosenthals.com Archived Message #3815 previous message next message back to list

From: Lewis G Rosenthal <os2-wireless_users@2rosenthals.com> Full Headers
Undecoded message
Sender: os2-wireless_users-owner <os2-wireless_users-owner@2rosenthals.com>
Subject: [OS2Wireless] CWNA Question of the Week
Date: Mon, 07 Feb 2005 13:26:48 -0500
To: OS/2 Wireless Users <os2-wireless_users@2rosenthals.com>

I thought this one was worth forwarding to the list. Enjoy!

*Question of the Week*

Bill, a wireless LAN end user at ABC Corporation, is transferring a file over the wireless network to a server. Approximately half way through the transfer, the transfer suddenly stops. Doing his own initial troubleshooting Bill finds that his wireless connection is still active, but he can no longer access the corporate network resources. Confused, Bill calls the help desk who asks him to check his IP address. Upon checking the IP address of Bill's workstation they find that his IP address is on the wrong subnet. The subnet on which Bill's PC is addressed is not part of the corporate network. The help desk technician informs Bill that he has been subject to what kind of wireless attack?

1. Man-in-the-middle
2. L2/L3 Hijacking
3. TCP session hijacking
4. Bit-flipping attack
5. Spread spectrum RF jamming attack
6. Eavesdropping attack

*Question of the Week Aswer*

Wireless L2/L3 hijacking attacks use a narrowband RF generator to jam (interfere with) a specific transmission channel forcing users to roam to another, more usable, channel. This usable channel is the software or hardware (usually software) access point of the intruder. When the authorized user makes an association to the intruder, this is deemed a L2 hijack. Many operating systems such as Windows 2000 and Windows XP automatically perform a DHCP renewal any time they lose Layer 2 connectivity. For this reason, the intruder can install DHCP server software on the same laptop in order to give the authorized user an IP address when one is requested. This is deemed a Layer 3 hijack. The reason for the Layer 3 hijack is that once the authorized user has an IP address on the same network segment as the intruder, the intruder will be able to perform Layer 7 (application layer) attacks against the authorized user's computer.

--
Lewis
------------------------------------------------------------
Lewis G Rosenthal, CNA, CLE
Rosenthal & Rosenthal, LLC
Accountants / Network Consultants
 New York / Northern Virginia           www.2rosenthals.com
eComStation Consultants                  www.ecomstation.com
Novell Users International        www.novell.com/linux/truth
------------------------------------------------------------


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

To unsubscribe from this list, send a message to
steward@2rosenthals.com with the command
"unsubscribe os2-wireless_users" in the body
(omit the quotes).

For help with other commands, send a message
to steward@2rosenthals.com with the command
"help" in the body (omit the quotes).

This list is hosted by Rosenthal & Rosenthal
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster