Full Disclosure mailing list archives
Re: Re: The ArpSucker is b0rn! Be yourself, be the net.
From: nirvana <karmic_nirvana () yahoo com>
Date: Tue, 14 Sep 2004 07:28:48 -0700 (PDT)
nice.....real nice! --- VX Dude <vxdude2003 () yahoo com> wrote:
Hello to all the xposted lists out there =D If it's not a threat to you're wonderfully managed system, then you have nothing to worry about. SO the guy wrote a tool, thats what hackers do. If it's successful, if it's not, (s)he will figure that out themselves when it is, and why. Learning is the Way of the Hacker. Speaking of moderating, what value did your post add? And you had to reply to all? Seems like you just wanted to advertise bugtraq to all the other lists. <ad>This just shows that the Full-Disclosure audience is far more sophisticated then the censorship loving children of Bugtraq.</ad> To Alpt, nice tool, I have no use for it, but still its nice to see someone exploring and coding. Let assholes like stefen here teach you a lesson and remember to not disclose anything. Put on the blackhat and keep your knowledge to yourself, no one else deserves it. You do you're own work, and create your own ideas, and this is the type of thanks you get? No, this is a whitehat trick. See they want you to work gain their approval. By not giving you the credit you deserve, they'll get you to think that their approval is something worth getting. This is just the first step to being a sellout, a whitehat. Don't fall for their jedi mind tricks, become independant and create for no one but yourself. Remember stefen's insults, for this is the thanks of a whitehat. Stinny Internet Sniper --- Stefan.Laudat () allianztiriac ro wrote:Usually lame kiddie posts like this shouldn'treachthe list. Old school ARP attacks are no longer a threat in a decently managed layer 2 network. I thought bugtraq is still moderated. Oh, Aleph1, where art thee ? --- Stefan Laudat Networking & IT Security Manager Allianz Tiriac SA Insurance -- This message is protected by the secrecy of correspondence rules ; furthermore it may contain privileged or confidential information that is protected by law, notably by the secrecy ofbusinessrelations rule ; it is intended solely for the attention of the addressee.Any disclosure, use, dissemination or reproduction (either whole or partial) of this message or the information contained herein is strictly prohibited without prior consent. Any electronic message is susceptible toalterationand its integrity can not be assured. Allianz Tiriac declines any responsibility for this message in the event of alteration or falsification. If you are not the intended recipient, please destroy it immediately and notify the sender of the wrong delivery and thedeletion. Alpt <alpt () freaknet org> 13.09.2004 23:05 To: primavera () freaknet org cc: hackmeeting () kyuzz org, hackers () dyne org, ml () sikurezza org, bugtraq () securityfocus com, full-disclosure () lists netsys com, security-alerts () linuxsecurity com Subject: The ArpSucker is b0rn! Be yourself, be the net. Freaknet Death C is pridetopresent ya: }----------------- (TheArpSucker)----------------{ Hi folks, Did you ever dreamed to become the net, to be abig,bad, black, black, black hole? Yep! I did. This code was made the "12 Sept 2004". It started to dawn and I, Tomak and Nirvana, after eating some food, started to rave. Tomak downloaded fakeap.pl; But I also wanted to give my good amount of death. So I told: <<Why not fakeip?>>. Tomak: <<Yea, good idea, but why don't you wake up all those sleeper with a sane Systemofa Down's song?>> After a while, I started to code TheArpSucker... Then Elibus, Pallotron were my favourite guineapigsfor direct attacks. The idea is simple: we add all the ip we want to become in the arp cache of all the machines. Yes, it's the normal arp poisoning, but we want to become the ENTIRE NETWORK! The tests of the global arp cache smashing were successful, I became the entire 10.0.0.x and 10.0.1.x network. All the packetswentto me and, with the ip_forward activated, I resent them to the real destination. Then when I tried to become all the 2^32-1 IPs, I realized that the attacked machine (elibus and pallotron, eheheh), were under amortalDoS. The Elibus' machine was constantly at 100% of cpu until Elibus unpluggedtheeth0 cable, while the Pallotron's machine went in kernel panic!. Elibus uses an x86 arch with the linux kernel, pallotron uses An Apple I-book, with MacOsx. Asbesto was giving his blessing to spread death in our bicazzo network, and Elibus died because he didn't want to share his gprsconnection,AHHAHAHAHA. -E l i B u S -RIP. He was a good guinea pig (^_^) That was an happy day! So, here it is the code, Here I spread the src in the wired. The ArpSucker is a patch to arping of iputils:
http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch
You can get the right version of iputils here:
http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz
=== message truncated === _______________________________ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- The ArpSucker is b0rn! Be yourself, be the net. Alpt (Sep 13)
- Re: The ArpSucker is b0rn! Be yourself, be the net. Stefan . Laudat (Sep 14)
- Re: Re: The ArpSucker is b0rn! Be yourself, be the net. VX Dude (Sep 14)
- Re: Re: The ArpSucker is b0rn! Be yourself, be the net. nirvana (Sep 14)
- Re: Re: The ArpSucker is b0rn! Be yourself, be the net. Barrie Dempster (Sep 14)
- Re: Re: The ArpSucker is b0rn! Be yourself, be the net. Syke (Sep 14)
- Re: Re: The ArpSucker is b0rn! Be yourself, be the net. VX Dude (Sep 14)
- Re: The ArpSucker is b0rn! Be yourself, be the net. H D Moore (Sep 16)
- <Possible follow-ups>
- RE: The ArpSucker is b0rn! Be yourself, be the net. Compton, Rich (Sep 14)
- Re: The ArpSucker is b0rn! Be yourself, be the net. Gregory Steuck (Sep 15)
- Re: The ArpSucker is b0rn! Be yourself, be the net. Stefan . Laudat (Sep 14)