Re: cain & abel full routing

[Tim <pand0ra.usa () gmail com>]

All you are doing is poisoning the ARP tables on those systems. The
router/server may not be caching ARP entries or something else may be
going on that is causing the half-routing, such as the device has the
MAC's hard coded in preventing ARP spoofing. How long did you wait
before cancelling the attack, as sometimes you have to wait for the
ARP entry to expire before you can poison the table.

On 6/13/06, Alex <quick.touch () gmail com> wrote:
> why when i use cain&abel and try to perform a man-in-the-middle-attack between the gateway and a test host, i only get 
> half-routing and i only see what the test host transmits to the gateway, but not what the gateway transmits to the test 
> host?
>
> IP are allocated after MAC addresses, so the server knows exactly what mac address is allocated to the ip that i'm 
> using as a test host.
> i thought that a possibility to get what the gateway sends to the test host is to change my mac (i used smac) into the mac of the 
> test host, but it didn't work as a full routing (i'm not sure but i think i was able to see what the gateway sent to 
> the test host, but not what the test host sent to the gateway).
> is there any way of performing a full man-in-the-middle attack in this scenario?
>
> i saw this example http://shsc.info/ARPPoisoning and he achieved there a full routing between a host on the network and one 
> that's over Internet.. (or i might be wrong, because lower in the WAN View he is doing a half-routing with hosts that 
> are over Internet)
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request () cenzic com for details.
> ------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------