Full Disclosure mailing list archives
Re: HTTP AUTH BASIC monowall.
From: Simon Smith <simon () snosoft com>
Date: Wed, 15 Mar 2006 11:55:13 -0500
Ok, As suspected... so I am correct; and it is a security threat. I can compromise a network, arp poison it, MiTM, access the firewall, distributed metastasis, presto... owned... Michael Holstein wrote:
which brings up a question... what are the odds that someone could forcefully redirect traffic to their proxy after having compromised a network? Could this be done with arp poisoning? I haven't toyed with that in a while so I can't say yes or no...If it's Ethernet, and you're on the same broadcast network, yes. Check out arpspoof (part of dsniff). You also need to setup a userspace router to forward the packets -- easiest way is fragrouter. FYI : this also works quite well on wireless. ~Mike.
-- Regards, Adriel T. Desautels Harvard Security Group http://www.harvardsecuritygroup.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: HTTP AUTH BASIC monowall., (continued)
- Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 13)
- RE: HTTP AUTH BASIC monowall. Lyal Collins (Mar 13)
- Re: HTTP AUTH BASIC monowall. Tim (Mar 13)
- Re: HTTP AUTH BASIC monowall. Pavel Kankovsky (Mar 13)
- Re: HTTP AUTH BASIC monowall. Keith (Mar 13)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. gboyce (Mar 15)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
- Re: HTTP AUTH BASIC monowall. Valdis . Kletnieks (Mar 15)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
- Re: HTTP AUTH BASIC monowall. Andrew Simmons (Mar 17)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
- Re: HTTP AUTH BASIC monowall. Mike Owen (Mar 16)
- Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)