From: Chris Reining (creining@packetfu.org)
Date: Mon Sep 01 2003 - 22:53:25 EDT

Bryan,

One route that you may want to go in exploiting this layer 1 issue is
using an access point with either your own hacked-in PoE (Power over
Ethernet) or using one with a PoE module. Some manufacturers, like
Symbol and Lucent, make APs with these add-ons; otherwise you can attempt
to do it yourself - however, you can cause serious damage to the AP and
other equipment. There are how-tos online for the DIY route. This would
require power to be in another hidden location, as one of your
possible requirements noted, and to properly get it to the AP.

Another option would be an iPAQ with wireless and USB Ethernet running
off battery.

And another option would be a small laptop, even a cheap 486 with PCMCIA
slots that you can throw Ethernet and wireless in, running off battery.

This is why MAC addresses should be tied to specific ports, although an
administrative nightmare in educational or large corporation settings.

Chris

On Sat, Aug 30, 2003 at 08:15:56PM -0500, Bryan wrote:
> Hello all.
>
> I saw something today that got the wheels turning as a potential
> vulnerability in network deployment. Let's say a client company has some
> sort of proprietary device out in the open for anybody to use, and is
> connected to the internal network through a regular 100BaseT connection.
> But that cable is easily unplugged... and plugged into whatever you
> want. Should one want to connect to the network through that connection,
> wouldn't it be possible to attach a wired/wireless converter to the
> line, and connect to the network via wireless adapter on your machine
> from some distance away without anyone being any the wiser?
>
> I did some googling for such a device, and found a few products, but
> none that would suit the needs for this application. It should be small
> enough to hide, needing only one rj45 port, and maybe a wireless
> antenna. And it should also be battery powered as you most likely
> wouldn't have a power outlet nearby, much less one that could be
> stealthily utilized. Then just a little wireless sniffing should help
> you out from there, right?
>
> Any ideas? Thanks
>
> Bryan
>
>
>
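
The port-to-MAC binding recommended in the reply above, as an added example that is not part of the original thread: a Python audit that compares a switch's learned MAC table with a per-port allowlist and reports unexpected addresses, missing bound devices and unbound ports. The table layout, port names and MAC addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed allowlist: each access port is bound to the MAC(s) permitted on it.
ALLOWED = {
    "Fa0/1": {"02:00:00:00:00:01"},   # public kiosk device
    "Fa0/2": {"02:00:00:00:00:02"},
    "Fa0/3": {"02:00:00:00:00:03"},
}

# Constructed MAC-table snapshot (columns: vlan, mac, type, port).
SNAPSHOT = """\
10  0200.0000.0001  dynamic  Fa0/1
10  0200.0000.00aa  dynamic  Fa0/1
10  0200.0000.0002  dynamic  Fa0/2
10  0200.0000.00bb  dynamic  Fa0/3
20  0200.0000.0009  dynamic  Fa0/9
"""

def normalize_mac(mac):
    """Reduce dotted, dashed or colon notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_table(text):
    """Return {port: set of MACs learned on that port}."""
    learned = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _vlan, mac, _type, port = fields
        learned[port].add(normalize_mac(mac))
    return dict(learned)

def audit(allowed, learned):
    """Return sorted (port, mac, reason) findings for every binding violation."""
    findings = []
    for port, macs in learned.items():
        if port not in allowed:
            findings += [(port, m, "port has no binding") for m in macs]
        else:
            findings += [(port, m, "MAC not bound to port") for m in macs - allowed[port]]
    for port, macs in allowed.items():
        # A bound device that has vanished suggests its cable was moved.
        findings += [(port, m, "bound MAC not seen") for m in macs - learned.get(port, set())]
    return sorted(findings)
```
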
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT