Security Basics mailing list archives
Re: Preventing DHCP from allocating IPs
From: "David Verty" <verticalrave () hotmail com>
Date: Fri, 20 Dec 2002 03:05:38 +0000
As said below, it is possible to poison the arp table of the said switched network. In a hub configuration (as you probably know), network traffic hits all connected interfaces, and it is up to the computer to ignore them. A computer put in promisc mode will listen to all traffic.
In a switched environment however, it dosen't work that way so, you have to change the arp table on the switch so that traffic is redirected to yourself, but still passed on to the client. So essentally, it is a man in the middle attack. There are ways to sense poisoning in a switched environment, and i've seen some tools claim to stop poisoning, but so far I have not tested any yet. Ettercap is only one of the sniffing tools so far that I have seen to have perfected this capability. I'm not so sure about Ethereal however.
From: Tony Meman <none () superig com br> To: jon kintner <jon.kintner () lvcm com>,security-basics () securityfocus com Subject: Re: Preventing DHCP from allocating IPs Date: Wed, 11 Dec 2002 19:03:48 -0200No, u can sniff switched networks using poisoning the arp table. Its pretty easy to do itusually. Check out ethercap, it uses this techniq. -- none jon kintner wrote:I don't know if it's impossibe, but isn't sniffing traffic on a switched network more difficult? -jon ----- Original Message ----- From: "Tony Meman" <none () superig com br> To: <security-basics () securityfocus com> Sent: Saturday, December 07, 2002 3:29 PM Subject: Re: Preventing DHCP from allocating IPsSomeone could just sniff the traffic, collect some valid MAC addresses and use one of them when some box is down. MAC spoofing is trivial. Regards, -- none Hasnain Atique wrote:
_________________________________________________________________The new MSN 8: smart spam protection and 3 months FREE*. http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU= http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_smartspamprotection_3mf
Current thread:
- Re: Preventing DHCP from allocating IPs, (continued)
- Re: Preventing DHCP from allocating IPs jon kintner (Dec 09)
- Re: Preventing DHCP from allocating IPs Gene (Dec 11)
- Re: Preventing DHCP from allocating IPs Tony Meman (Dec 12)
- Re: Preventing DHCP from allocating IPs Fred Williams (Dec 04)
- RE: Preventing DHCP from allocating IPs Wollenslegel, Troy (T.A.) (Dec 04)
- RE: Preventing DHCP from allocating IPs wbjw (Dec 05)
- RE: Preventing DHCP from allocating IPs CTillett (Dec 06)
- RE: Preventing DHCP from allocating IPs Gary Turovsky (Dec 06)
- RE: Preventing DHCP from allocating IPs Chad Agate (Dec 06)
- RE: Preventing DHCP from allocating IPs Smith, Chris (Dec 06)
- Re: Preventing DHCP from allocating IPs David Verty (Dec 20)