Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: switched n/w

From: Jacob Weeks <jaweeks () gmail com>
Date: Wed, 8 Dec 2004 06:28:40 -0700
An ARP spoofing attack would allow someone to view any network traffic
they wanted on the network.  A utility called ettercap will actually
allow you to pull content out of a stream between 2 computers over a
switched link.  As for changing? using such a utility you would need
to know the exact protocols and be able to script the alterations.

Which type of systems are the users complaining about their info being
changed?  Could someone be running a tool like ettercap and getting
passwords that let someone login as those users and change the
information that way?

On Wed, 08 Dec 2004 00:00:24 +0530, kaushal <kaushal () rocsys com> wrote:

Hi,
   Iam a bit new to network securities.We have a switched network and to
my knowledge a hosts' data cannot be sniffed by other host by runnning
tcpdump.But Iam receiving complaints from few users that their data is
being changed/manipulated.Is this possible?
How can I avoid this at the host level?Does this mean the server has
been compromised?Any help or pointer in this aspect would be highly
appreciated.

thanks in advance.

kaushal.
Previous By Date Next
Previous By Thread Next

Current thread: