Security Basics mailing list archives
Re: Network Configuration Question?
From: "Pablo Gietz" <pablo.gietz () nuevobersa com ar>
Date: Tue, 5 Nov 2002 16:32:45 -0300
Read this, it may be related: http://www.phenoelit.org/arpoc/

Also, I want to hear the experts' opinion about this or similar software. Does this work? Does this represent a risk?

Thanks

Pablo A. C. Gietz
Head of Information Security
Nuevo Banco de Entre Ríos S.A.
Tel.: 0343 - 4201351

----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: <security-basics () securityfocus com>
Sent: Monday, November 04, 2002 1:58 PM
Subject: Network Configuration Question?

Hi All,

On a corporate machine, I was having trouble removing the TinyBar scrote-ware that had installed itself surreptitiously onto my machine. As part of the process of tracking down how it was running, I downloaded a small packet sniffer and ran it so I could attempt to trace the outgoing target address of the pop-up window.

We are on a 100mbs switched network (I believe switched but ..). Now imagine my surprise when I could pick up traffic from around 6 other machines, including HTTP, POP, SMTP and all the associated passwords. Some of the machines were geographically close to me in the office but not all.

How could this happen on a switched network - has one of the switches fallen over into broadcast mode or something? If so, how do I go about determining (remotely) why/how it has fallen over, who else is on the segment, and what other avenues do I have to explore?

Thanks in advance

Ian