From: Paul Melson (pmelson@gmail.com)
Date: Tue Nov 13 2007 - 09:36:36 EST
> I was in a free wi-fi hotspot the other day and just for kicks ran an NMAP
scan to see how
> many people were logged on.
>
> I noticed something peculiar though. Every IP address had identical MAC
addresses. Is this
> some security thing the hotspot had going on? Or is it some kind of
devious thing going on
> by one of the other customers in the hotspot?
What this indicates to me is that your NMap scan passed through a router or
a bridge of some kind. This could be caused by your scan hitting devices on
a wired network on the other side of the wireless access point. It could
also have to do with the way local masks and routes are configured on the
access point. Or, as you suggest, it could be the symptom of someone using
ARP poisoning to make themselves the route for all traffic on that wireless
network. Without more information, it's difficult to make a solid
determination.
PaulM
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:12 EDT