Penetration Testing mailing list archives
Re: Spoofed IP address[Scanned]
From: "Davie Elliott - Eluse" <delliott () eluse co uk>
Date: Sat, 23 Sep 2006 19:22:59 +0100
If I remember correctly, the attacker doesn't use the same IP address... its sends a forged ARP packet to the server to change the MAC address entry into the server's ARP table to point to the attackers IP. I think the solution to this is to setup a broadcast listener... a machine that listens to Transmissions over the broadcast IP such as ARP requests. The broadcast listener should listen out for MAC and IP spoofing. ----- Original Message ----- From: "xun dong" <xundong () cs york ac uk> To: <pen-test () securityfocus com> Sent: Friday, September 22, 2006 4:54 PM Subject: Spoofed IP address[Scanned]
Thanks everyone who read and answer my question. Given a scenario as below: When someone wants to launch a man-in-the-middle attack on the communication between the client and server. In order to make it more transparent(hard to discover) can the attacker pretended to has the same IP address as the server(when handling the communication with client end) while pretending to has the same IP address as the client(when handling the communication with server end). If it is possible, can you tell me your solutions. This is not used to generate real attacks, it is just a concern I come cross when designing a communication system. Thanks a lot. Xun Dong ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Spoofed IP address xun dong (Sep 23)
- Re: Spoofed IP address crazy frog crazy frog (Sep 24)
- Re: Spoofed IP address Al Bam (Sep 24)
- Re: Spoofed IP address Cedric Blancher (Sep 24)
- Re: Spoofed IP address[Scanned] Davie Elliott - Eluse (Sep 24)
- Re: Spoofed IP address crazy frog crazy frog (Sep 24)