multiple interfaces on same subnet
Jerry Feldman
gaf-mNDKBlG2WHs at public.gmane.org
Wed Nov 18 07:35:11 EST 2009
This is certainly a possibility since there are about 30 wireless
connections available on my floor, and some are very close by. Normally,
my Linux laptop runs wireless only, but I have our wireless set as auto,
but I've seen it misconnect. Fortunately, netmanager pops up a small
window noting who its connected to so if I happen to be in front of it
at the time, I would know something is amiss.
The Windows laptop was set up by out IT guys in New York. My old laptop
(T43) was permanently tethered to my desk with wireless disabled. This
laptop came with a docking station, but I'll probably keep it tethered.
However I think you raise some very good points on security. In my case,
it is obtaining it's ip addresses from our DHCP server so it does not
pose a security issue unless the wireless decides it does not like our
wireless and locks on to someone else's.
The implied advice is probably to disable wireless on this box while it
is tethered.
On 11/17/2009 03:56 PM, Bill Bogstad wrote:
>
> >From a security perspective, this is a potential problem. Your laptop=
> is now a connection between two (potentially different)
> networks with different security profiles. In some ways, it's
> equivalent to the old problem of people attaching modems to their
> desktop
> computer which was connected to the corporate network. They would set
> up their desktop to allow remote login so they could access
> work files from home. Attackers would war dial people's extensions
> looking for open modems. Exploiting your dual interface machine would
> be more complicated as it would require setting up a nearby rogue
> wireless access point to which your laptop would connect while you had
> a wired connection to the corporate network.
>
> At a minimum, you should make sure that your laptop isn't set up to
> forward packets between the interfaces. Not doing so would allow
> network connections between the two different interfaces without
> dealing with any host based authentication on your laptop at all.
>
> Bill Bogstad
>
> =20
--=20
Jerry Feldman <gaf-mNDKBlG2WHs at public.gmane.org>
Boston Linux and Unix
PGP key id: 537C5846
PGP Key fingerprint: 3D1B 8377 A3C0 A5F2 ECBB CA3B 4607 4319 537C 5846
More information about the Discuss
mailing list