0

my workplace is currently using a wireless router that is secured using WEP. If I connect a laptop to the wireless router with a cable, would someone that has cracked the password still be able to create a man-in-the-middle attack with the laptop? Or just with people that connect wirelessly?

Thanks

Rhys
  • 3
  • 1

1 Answers1

1

Anyone connected to the network, via wireless or wired, could use ARP spoofing or DNS hijacking to perform a man-in-the-middle attack against legitimate connections over the network.

I should point out that WEP provides security only against casual attackers. Freely available tools can crack the key using deauth and ARP injection in under a minute. I would highly suggest moving to WPA2 for your network, as WPA and WEP are considered broken.

You could also consider an enterprise option such as RADIUS for network authentication, as that provides additional security against password cracking, and integration with other user management platforms (e.g. active directory) within your environment.

Polynomial
  • 132,208
  • 43
  • 298
  • 379
  • Thank you for the quick reply. So if someone is connected to the network wirelessly, they could use ARP spoofing against someone on the same network that is plugged into the router with a cable? – Rhys Jan 24 '15 at 23:32
  • @Rhys Yes. They're on the same network, so unless some odd settings are used, the attacker can send packets to the victim. That's all they need to utilise ARP spoofing or DNS hijacking. – Polynomial Jan 25 '15 at 00:08