Recently whilst "auditing" my home network (read: hax0ring with Linux) I discovered a rather shocking truth, which is that the DLINK wireless ADSL router I have (supplied by telecom) will broadcast out all wired traffic over the wireless radio as well.

I am not sure if this is limited only to DLINKs, as I don't have anything else to test with, but basically I was simulating MITM SSL certificate injection to the wifi clients, and was intercepting all the usernames and passwords that I entered over encrypted pages on the laptop. It was just by chance that on the desktop PC, which has only a wired connection to a leve1 firewall which connects to the DLINK, I opened Outlook to check my emails and bang.. up came my POP3 username and password on the snooping laptop, which has only a wireless connection.

I had a 100% success rate of pulling down the submitted data off the wired LAN. I should also point out the desktop PC is on a different subnet to the wifi network, and of course HTTPS and POP3 are unicast TCP so it's not like it was just broadcast traffic I was intercepting.

The one good piece of news is you have to know the wifi passkey before you can achieve any of this, so I would recommend that everyone with a DLINK check their wifi settings are using WPA encryption (there is no excuse for using WEP) and that their passkey is strong. I would recommend visiting:

http://www.pctools.com/guides/password/?length=20&phonetic=on&alpha=on&mixedcase=on&numeric=on&punctuation=on&quantity=10&generate=true

which will generate some random pass phrases. Use at least 20 digits, with symbols and mixed case. As far as I am aware no-one has cracked WPA yet without using brute force.

Flamer.
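
Added example, not part of the original post: one way to audit your own router for the behaviour described above is to look at frames captured on a wireless client and flag unicast IPv4 frames that involve the wired subnet but are not addressed to the capturing interface. The MAC addresses, subnets and frames below are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
import struct

def parse_frame(frame: bytes):
    """Return (dst_mac, src_ip, dst_ip) for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34:                      # 14-byte Ethernet + 20-byte IPv4 header
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0800 or frame[14] >> 4 != 4:
        return None                          # not IPv4 (ARP, IPv6, ...)
    ip = frame[14:]
    return frame[0:6], ipaddress.IPv4Address(ip[12:16]), ipaddress.IPv4Address(ip[16:20])

def is_leak(frame: bytes, my_mac: bytes, wired_net) -> bool:
    """True if a wired-subnet unicast frame reached us without being sent to our MAC."""
    parsed = parse_frame(frame)
    if parsed is None:
        return False
    dst_mac, src_ip, dst_ip = parsed
    if dst_mac[0] & 1:                       # group bit set: broadcast/multicast is expected
        return False
    if dst_mac == my_mac:                    # addressed to this host: not flooding
        return False
    return src_ip in wired_net or dst_ip in wired_net

def audit(frames, my_mac: bytes, wired_net):
    """Return the indexes of frames that indicate wired unicast traffic on the air."""
    return [i for i, f in enumerate(frames) if is_leak(f, my_mac, wired_net)]

def build(dst_mac: bytes, src_ip: str, dst_ip: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed test frame: Ethernet header plus a bare 20-byte IPv4 header."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return dst_mac + bytes.fromhex("02aabbccdd01") + struct.pack("!H", ethertype) + ip_hdr

# Constructed sample values (assumptions, not taken from the post).
MY_MAC = bytes.fromhex("02aabbccdd10")       # the wireless laptop doing the audit
OTHER_MAC = bytes.fromhex("02aabbccdd20")    # some other station
WIRED_NET = ipaddress.ip_network("192.168.2.0/24")
SAMPLE = [
    build(OTHER_MAC, "192.168.2.5", "203.0.113.10"),    # wired host, unicast, not for us
    build(MY_MAC, "203.0.113.10", "192.168.1.7"),       # our own traffic
    build(b"\xff" * 6, "192.168.2.5", "192.168.2.255"), # broadcast from wired side
    build(OTHER_MAC, "192.168.1.8", "203.0.113.10"),    # another wireless client
    build(OTHER_MAC, "192.168.2.5", "192.168.2.1", ethertype=0x0806),  # not IPv4
]

if __name__ == "__main__":
    print("leaking frame indexes:", audit(SAMPLE, MY_MAC, WIRED_NET))
```

Frames that do arrive addressed to the capturing interface's own MAC are deliberately not counted, since those were delivered to the host rather than flooded by the router.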