Security Basics mailing list archives
Re: sniffing in a switched network - a presentation on ARP spoofing
From: Manu Garg <manugarg () gmail com>
Date: Mon, 4 Jul 2005 15:48:51 -0400
Greetings everyone, Since some of you really liked the presentation, I would like to mention it's french translation done by Jerome Athias. You can find it here: http://wired.s6n.com/files/jathias/arp_spoofing_in_switched_lans_FR.pdf Other updates: http://manugarg.blogspot.com/2005/06/update.html cheers, ~manu On 7/1/05, Nikolai Alexandrov <voyager123bg () gmail com> wrote:
Good one. ARP spoofing is greater security risk in my opinion than ARP poisoning. ARP poisoning is a litttle bit too noisy, and that makes it a little less of a concern (yet it shouldn't be underestimated. I've seen switches, with overflowed arp tables working like hubs...). ARP spoofing, on the other hand, could be a big problem, mainly in end-point switches (non-manageble, dumb switches). Especialy when combined with something to leave the TTL untouched by the forwarding machine(attacker)... It could be done in a way that is very, very, hard to find. Shane Singh wrote:And a whitepaper on how to detect ARP spoofing. http://www.foundstone.com/resources/perspectives/AskTheExpert-200406.pdf
-- Manu Garg http://www.manugarg.com "Truth will set you free!"
Current thread:
- Re: sniffing in a switched network - a presentation on ARP spoofing Nikolai Alexandrov (Jul 04)
- Re: sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jul 05)
- Re: sniffing in a switched network - a presentation on ARP spoofing Brad DeShong (Jul 11)
- Re: sniffing in a switched network - a presentation on ARP spoofing Manu Garg (Jul 05)