AW: AW: ARP Poisoning

[Fuchs Bernhard <Bernhard.Fuchs () itellium com>]

O.k.
Let me tell you what I did.
I hat linux (redhat 7.3) and windows boxes (Win2k)
I was sending the arp spoof out of dsniff on a Win2k WS and the router. the
victim showed the "same ip on network)
as i did it between the router and the linux, i pinged the router ip from
the victim and it showed the redirect to the router.
i did not have the time to test it out to much (was a tcp/ip class)

Mit freundlichen Grüßen/ sincerely yours


Bernhard Fuchs 
Junior System-Engineer 
IT-Infrastruktur

ITELLIUM 
Systems & Services GmbH 
Fürther Straße 205 
90429 Nürnberg 

Tel.:   +49-911-14-27321 
Fax:    +49-911-14-22016 
mailto:bernhard.fuchs () itellium com 
http://www.itellium.com

This email is confidential. If you are not the intended recipient, you must
not disclose or use the information contained in it. If you have received
this mail in error, please tell us immediately by return email and delete
the document. E-mails to and from the company are monitored for operational
reasons and in accordance with lawful business practices. The contents of
this email are those of the individual and do not necessarily represent the
views of the company. The company accepts no responsibility once an e-mail
and any attachments is sent. 



-----Ursprüngliche Nachricht-----
Von: Will Tell [mailto:nosphie () rootshell be]
Gesendet: Samstag, 9. November 2002 10:28
An: security-basics () securityfocus com
Betreff: Re: AW: ARP Poisoning


In-Reply-To:
<9F984E1366F3D411988100508BF3A64201AA8149 () exmailn01-e18-2 itellium com>

Hello Bernhard,
You are right. Some Windows recognize an arp-poisoning,
but in this case you have to "arp-storm" only the
others(not the windows victim).
Then poison the windows-arp-cache in the name of the
router(,gateway,...) and the same with the
router-arp-cache.
And the 2nd if u ping the router (router ip) you ping
not the router.You ping the poisoner (me). Because your
arp cache think i am the router.And i answer u with a
ping. So even on linux u dont find me.
Only solution is to look in the arp-cache if it is
poisoned.
For beginner "ettercap" will do a good job. In this
programm is a point "looking for other poisoners".
So you might find me.

Will Tell

 
> Hi Michael!
>
> I did not test it out too much, but if you are in the
same network =
> windows
> will warn that the same IP-Adress is twice on the net.
> On Linux you see it, if you ping the router, he shows
that the ping is
> redirected.
> can anyone verify this? other than that ?????
>
> Mit freundlichen Gr=FC=DFen/ sincerely yours
>
>
> Bernhard Fuchs=20
> Junior System-Engineer=20
> IT-Infrastruktur
>
> ITELLIUM=20
> Systems & Services GmbH=20
> F=FCrther Stra=DFe 205=20
> 90429 N=FCrnberg=20
>
> Tel.:   +49-911-14-27321=20
> Fax:    +49-911-14-22016=20
> mailto:bernhard.fuchs () itellium com=20
> http://www.itellium.com