Re: Network Configuration Question?

["Pablo Gietz" <pablo.gietz () nuevobersa com ar>]

Read This, may be related.

http://www.phenoelit.org/arpoc/

Also I want to ear the experts opinion about this or similar soft. This
work? this represent a risk?

Thanks


Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: <security-basics () securityfocus com>
Sent: Monday, November 04, 2002 1:58 PM
Subject: Network Configuration Question?


> Hi All,
>
>     On a corporate machine, I was having trouble removing the TinyBar
> scrote-ware that had installed itself surreptitiously onto my machine. As
> part of the process of tracking down how it was running, I downloaded a
> small packet sniffer and ran it so I could attempt to trace the outgoing
> target address of the pop-up window.
>
>     We are on a 100mbs switched network (I believe switched but ..).
>
>     Now imagine my surprise when I could pick up traffic from around 6
other
> machines, including HTTP, POP, SMTP and all the associated passwords.
>
>     Some of the machines were geographically close to me in the office but
> not all. How could this happen on a switched network - has one of the
> switches fallen over into broadcast mode or something? If so how do I go
> about determining (remotely) why/how it has fallen over, who else is on
the
> segment, and what other avenues do I have to explore?
>
>     Thanks in advance
>
> Ian