BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

multiple interfaces on same subnet

Subject: multiple interfaces on same subnet
From: gaf-mNDKBlG2WHs at public.gmane.org (Jerry Feldman)
Date: Wed, 18 Nov 2009 07:35:11 -0500
In-reply-to: <2d6a9f6f0911171256l5ec7dab8t864a88c3634bc3f0-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
References: <4B030757.2050604@blu.org> <2d6a9f6f0911171256l5ec7dab8t864a88c3634bc3f0@mail.gmail.com>

This is certainly a possibility since there are about 30 wireless
connections available on my floor, and some are very close by. Normally,
my Linux laptop runs wireless only, but I have our wireless set as auto,
but I've seen it misconnect. Fortunately, netmanager pops up a small
window noting who its connected to so if I happen to be in front of it
at the time, I would know something is amiss.

The Windows laptop was set up by out IT guys in New York. My old laptop
(T43) was permanently tethered to my desk with wireless disabled. This
laptop came with a docking station, but I'll probably keep it tethered.

However I think you raise some very good points on security. In my case,
it is obtaining it's ip addresses from our DHCP server so it does not
pose a security issue unless the wireless decides it does not like our
wireless and locks on to someone else's.

The implied advice is probably to disable wireless on this box while it
is tethered.

On 11/17/2009 03:56 PM, Bill Bogstad wrote:
>
> >From a security perspective, this is a potential problem.  Your laptop=

> is now a connection between two (potentially different)
> networks with different security profiles.  In some ways, it's
> equivalent to the old problem of people attaching modems to their
> desktop
> computer which was connected to the corporate network.  They would set
> up their desktop to allow remote login so they could access
> work files from home.  Attackers would war dial people's extensions
> looking for open modems.  Exploiting your dual interface machine would
> be more complicated as it would require setting up a nearby rogue
> wireless access point to which your laptop would connect while you had
> a wired connection to the corporate network.
>
> At a minimum, you should make sure that your laptop isn't set up to
> forward packets between the interfaces.  Not doing so would allow
> network connections between the two different interfaces without
> dealing with any host based authentication on your laptop at all.
>
> Bill Bogstad
>
>  =20

--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB  CA3B 4607 4319 537C 5846

References:
- multiple interfaces on same subnet
  - From: gaf-mNDKBlG2WHs at public.gmane.org (Jerry Feldman)
- multiple interfaces on same subnet
  - From: bogstad-e+AXbWqSrlAAvxtiuMwx3w at public.gmane.org (Bill Bogstad)

Prev by Date: multiple interfaces on same subnet
Next by Date: used computer $500 or best offer
Previous by thread: multiple interfaces on same subnet
Next by thread: multiple interfaces on same subnet
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org