Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: The ArpSucker is b0rn! Be yourself, be the net.

From: nirvana <karmic_nirvana () yahoo com>
Date: Tue, 14 Sep 2004 07:28:48 -0700 (PDT)
nice.....real nice!

--- VX Dude <vxdude2003 () yahoo com> wrote:


Hello to all the xposted lists out there =D

If it's not a threat to you're wonderfully managed
system, then you have nothing to worry about.  SO
the
guy wrote a tool, thats what hackers do.  If it's
successful, if it's not, (s)he will figure that out
themselves when it is, and why.  Learning is the Way
of the Hacker.

Speaking of moderating, what value did your post
add? 
And you had to reply to all?  Seems like you just
wanted to advertise bugtraq to all the other lists. 


<ad>This just shows that the Full-Disclosure
audience
is far more sophisticated then the censorship loving
children of Bugtraq.</ad>

To Alpt, nice tool, I have no use for it, but still
its nice to see someone exploring and coding.  Let
assholes like stefen here teach you a lesson and
remember to not disclose anything.  Put on the
blackhat and keep your knowledge to yourself, no one
else deserves it.

You do you're own work, and create your own ideas,
and
this is the type of thanks you get?  No, this is a
whitehat trick.  See they want you to work gain
their
approval.  By not giving you the credit you deserve,
they'll get you to think that their approval is
something worth getting.  This is just the first
step
to being a sellout, a whitehat.

Don't fall for their jedi mind tricks, become
independant and create for no one but yourself. 
Remember stefen's insults, for this is the thanks of
a
whitehat.

Stinny
Internet Sniper

--- Stefan.Laudat () allianztiriac ro wrote:


Usually lame kiddie posts like this shouldn't

reach

the list. Old school 
ARP attacks are no longer a threat in a decently
managed layer 2
network. I thought bugtraq is still moderated. Oh,
Aleph1, where art thee 
?

---
Stefan Laudat
Networking & IT Security Manager
Allianz Tiriac SA Insurance
--
This message is protected by the secrecy of
correspondence rules ; 
furthermore it may contain privileged or
confidential information that is
protected by law, notably by the secrecy of

business

relations rule ; it 
is
intended solely for the attention of the addressee

.

Any disclosure, use,
dissemination or reproduction (either whole or
partial) of this message or
the information contained herein is strictly
prohibited without prior
consent.
Any electronic message is susceptible to

alteration

and its integrity can
not be assured. Allianz Tiriac declines any
responsibility for this 
message in the
event of alteration or falsification.
If you are not the intended recipient, please
destroy it immediately and
notify the sender of the wrong delivery and the

mail

deletion.







Alpt <alpt () freaknet org>
13.09.2004 23:05
 
        To:     primavera () freaknet org
        cc:     hackmeeting () kyuzz org,
hackers () dyne org, ml () sikurezza org, 
bugtraq () securityfocus com,
full-disclosure () lists netsys com, 
security-alerts () linuxsecurity com
        Subject:        The ArpSucker is b0rn! Be
yourself, be the net.



                        Freaknet Death C is pride

to

present ya:
                 }----------------- (The

ArpSucker)

----------------{

Hi folks, 
Did you ever dreamed to become the net, to be a

big,

bad, black, black,
black hole?
Yep! I did.

This code was made the "12 Sept 2004".
It started to dawn and I, Tomak and Nirvana, after
eating some food,
started to rave. 
Tomak downloaded fakeap.pl; But I also wanted to
give my good amount of 
death. 
So I told: <<Why not fakeip?>>. Tomak: <<Yea, good
idea, but why don't
you wake up all those sleeper with a sane System

of

a Down's song?>>
After a while,
I started to code TheArpSucker...
Then Elibus, Pallotron were my favourite guinea

pigs

for direct attacks.

The idea is simple: we add all the ip we want to
become in the arp cache 
of
all the machines. Yes, it's the normal arp
poisoning, but we want to 
become
the ENTIRE NETWORK!
The tests of the global arp cache smashing were
successful, I became the 
entire 
10.0.0.x and 10.0.1.x network. All the packets

went

to me and, with the 
ip_forward 
activated, I resent them to the real destination.

Then when I tried to become all the 2^32-1 IPs, I
realized that the 
attacked machine
(elibus and pallotron, eheheh), were under a

mortal

DoS. The Elibus' 
machine was
constantly at 100% of cpu until Elibus unplugged

the

eth0 cable, while the 
Pallotron's
machine went in kernel panic!. Elibus uses an x86
arch with the linux 
kernel, pallotron
uses An Apple I-book, with MacOsx.
Asbesto was giving his blessing to spread death in
our bicazzo network, 
and Elibus died
because he didn't want to share his gprs

connection,

AHHAHAHAHA.
                                                 -



E l i B u S -
                                                  

 

   RIP.
                                     He was a good
guinea pig
(^_^)
That was an happy day!
So, here it is the code, Here I spread the src in
the wired.

The ArpSucker is a patch to arping of iputils:




http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch

You can get the right version of iputils here:




http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz



=== message truncated ===



                
_______________________________
Do you Yahoo!?
Declare Yourself - Register online to vote today!
http://vote.yahoo.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: