[Dshield] Wireless networks and corporate Lans

Johannes B. Ullrich jullrich at sans.org
Sat Feb 28 04:40:42 GMT 2004

> A laptop is connected to a corporate LAN via ethernet or a docking 
> station.  The laptop also has a wireless card installed.  A public 
> wireless access point is within range.  Will the laptop connect both 
> interfaces?  What will be the default route?  Chances are the laptop 
> will be running Win2K.

> What are the vulnerabilities? 

Worst case:

you now have a gateway into your corporate LAN.

By default, the wireless card will connect to the access point.
So now you have a dual homed system. Pretty much like a router.
Default route: depends on what the access point is telling your
system during the DHCP negotiation.

This is pretty much a worst case scenario. Similar to a user
on your LAN using a dialup modem to connect to a random ISP.
This computer is now a gateway into your network. 

In addition: This user will now takes the laptop and travel.
They will fire it up in an airport. The wireless card will
try to associate itself with any access point in range and
start 'talking'... 

I am not sure how to fix this best. Probably depends on the card.
But at least, you should install a personal firewall, so the card
is at least protected.

Funny story in this context: Last year, I helped out with a SANS
class. People where connected to a wired network and where supposed
to scan designated targets on this wired network. A student had
problems and got odd results from simple commands like traceroute.

It turned out that he has a wireless card, which was connected
to the wireless conference network. In class, the sample machines
had various host names within the 'sans.org' domain. Instead of
scanning the class systems, he scanned our actual web servers and
such (luckily he didn't find a hole ;-) ).


CTO SANS Internet Storm Center               http://isc.sans.org
phone: (617) 837 2807                          jullrich at sans.org 

contact details: http://johannes.homepc.org/contact.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20040227/22a20061/attachment.bin

More information about the list mailing list