Re: Redir games with ARP and ICMP

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Ulrich Flegel: "SSH/X11 vulnerability - pointer to draft"
• Previous message: Alan Cox: "Re: Redir games with ARP and ICMP"
• Maybe in reply to: Yuri Volobuev: "Redir games with ARP and ICMP"
• Next in thread: Ulrich Flegel: "Re: Redir games with ARP and ICMP"

It's a pretty stupid admin who counts on a station being able to sniff
attacks and then puts the monitoring station behind a switch.

Not that there aren't plenty of stupid admins out there, of course.
But I certainly know if _I_ were counting on my monitoring station
being able to snoop such things I'd make damn sure the switch forwarded
everything to it. (All switches I've seen are capable of this.)

> A filtering hub lets you perform this attack

> ping the two hosts you wish to snoop between.

> Using the mac address you learn via arp send both a unicast arp
> giving yourself as the answer for the other IP address.

"arp info for 0x11223344 overwritten by 01:02:03:04:05:06"

Not that anyone will necessarily notice, of course, but still.

der Mouse

mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

• Next message: Ulrich Flegel: "SSH/X11 vulnerability - pointer to draft"
• Previous message: Alan Cox: "Re: Redir games with ARP and ICMP"
• Maybe in reply to: Yuri Volobuev: "Redir games with ARP and ICMP"
• Next in thread: Ulrich Flegel: "Re: Redir games with ARP and ICMP"