Re: device connection hijacking

From: Jordan Wiens (jwiens@nersp.nerdc.ufl.edu)
Date: Tue Sep 02 2003 - 10:44:45 EDT


On Mon, 1 Sep 2003, Chris Reining wrote:

> Another option would be an ipaq with wireless and USB ethernet running
> off battery.

Or a Dreamcast... ;-)
http://www.dcphonehome.com/index.html
http://www.linuxdevices.com/articles/AT2269911435.html

> And another option would be a small laptop, even a cheap 486 with PCMCIA
> slots that you can throw ethernet and wireless in, running off battery.
>
> This is why MAC addresses should be tied to specific ports although an
> administrative nightmare in educational or large corporation settings.

That doesn't really do anything. An inline device need not even have a
MAC address; it could be completely transparent. And even if it did, it's
trivial to spoof the 'approved' MAC. MAC security does very little
against this threat.

-- 
Jordan Wiens, CISSP
UF Network Incident Response Team
(352)392-2061

