On 2/16/07, Herbert Graf wrote: > > in a campus computer room... "infrastructure mode" doesn't mean > > that I'm not allowed to send packets to other wireless users on > > the same IP, does it? > > Depends on the router. Many of the ones designed for "public" use can be > set to isolate each wireless client. The clients can talk to the router, > but can't talk to each other. Common consumer routers tend to not have > this optional restriction. The Linksys WRT54G(S) and the Linux variant running alternative firmware (DD-WRT) can do this "isolation" mode also. They also can integrate to authentication servers (RADIUS) and about a million other things.. the alternative firmware (especially on pre-VxWorks versions of the router with the larger flash and RAM) makes quite a capable little Linux machine, complete with SSH access and a BusyBox command line. In fact... a Linksys router loaded with the correct "stuff" and a laptop, and you'd have everything you need to conduct that phishing scam someone mentioned of collecting credit card info in an airport. Some models even have enough "drive" space via JFFS2 to store the information collected... Find a wall outlet, have it pre-loaded with something that looks like a carrier's website/authentication pages (or just copy theirs) and some creative routing through a laptop with a broadband Internet cellular card (so the poor folks being scammed actually get their desired internet connection)... and you'd be done. Since you're routing through the laptop, tools like dsniff on the laptop could grab every single non-encrypted user/password combo for all the common protocols also... IM clients, mail, etc... Piece of cake... and it'd look JUST like the person had logged into the appropriate carrier's network -- but the IP's would be wrong if they bothered to check their public IP address, and there'd be a few other hints... but not much. The ability available for only a few dollars (compared to what people will trust to a web browser in a public place) to abuse 802.11 end-users who aren't using end-to-end encryption of everything they do... is truly amazing. Nate -- http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist