Security Basics mailing list archives

Re: Preventing DHCP from allocating IPs

From: "David Verty" <verticalrave () hotmail com>
Date: Fri, 20 Dec 2002 03:05:38 +0000

As said below, it is possible to poison the arp table of the said switchednetwork. In a hub configuration (as you probably know), network traffic hitsall connected interfaces, and it is up to the computer to ignore them. Acomputer put in promisc mode will listen to all traffic.

In a switched environment however, it dosen't work that way so, you have tochange the arp table on the switch so that traffic is redirected toyourself, but still passed on to the client. So essentally, it is a man inthe middle attack. There are ways to sense poisoning in a switchedenvironment, and i've seen some tools claim to stop poisoning, but so far Ihave not tested any yet. Ettercap is only one of the sniffing tools so farthat I have seen to have perfected this capability. I'm not so sure aboutEthereal however.

From: Tony Meman <none () superig com br>
To: jon kintner <jon.kintner () lvcm com>,security-basics () securityfocus com
Subject: Re: Preventing DHCP from allocating IPs
Date: Wed, 11 Dec 2002 19:03:48 -0200

No, u can sniff switched networks using poisoning the arp table. Its prettyeasy to do it

usually. Check out ethercap, it uses this techniq.

--
none

jon kintner wrote:

I don't know if it's impossibe, but isn't sniffing traffic on a switched
network more difficult?

-jon

----- Original Message -----
From: "Tony Meman" <none () superig com br>
To: <security-basics () securityfocus com>
Sent: Saturday, December 07, 2002 3:29 PM
Subject: Re: Preventing DHCP from allocating IPs

Someone could just sniff the traffic, collect some valid MAC addresses
and use one of
them when some box is down. MAC spoofing is trivial.

Regards,

--
none

Hasnain Atique wrote:



_________________________________________________________________

The new MSN 8: smart spam protection and 3 months FREE*.http://join.msn.com/?page=features/junkmail&xAPID=42&PS=47575&PI=7324&DI=7474&SU=http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_smartspamprotection_3mf

Current thread:

Re: Preventing DHCP from allocating IPs, (continued)
- - - Re: Preventing DHCP from allocating IPs jon kintner (Dec 09)
    - Re: Preventing DHCP from allocating IPs Gene (Dec 11)
    - Re: Preventing DHCP from allocating IPs Tony Meman (Dec 12)
- Re: Preventing DHCP from allocating IPs Fred Williams (Dec 04)
- RE: Preventing DHCP from allocating IPs Wollenslegel, Troy (T.A.) (Dec 04)
- RE: Preventing DHCP from allocating IPs wbjw (Dec 05)
- RE: Preventing DHCP from allocating IPs CTillett (Dec 06)
- RE: Preventing DHCP from allocating IPs Gary Turovsky (Dec 06)
- RE: Preventing DHCP from allocating IPs Chad Agate (Dec 06)
- RE: Preventing DHCP from allocating IPs Smith, Chris (Dec 06)
- Re: Preventing DHCP from allocating IPs David Verty (Dec 20)