Security Basics mailing list archives
AW: AW: ARP Poisoning
From: Fuchs Bernhard <Bernhard.Fuchs () itellium com>
Date: Mon, 11 Nov 2002 12:04:32 +0100
O.k. Let me tell you what I did. I hat linux (redhat 7.3) and windows boxes (Win2k) I was sending the arp spoof out of dsniff on a Win2k WS and the router. the victim showed the "same ip on network) as i did it between the router and the linux, i pinged the router ip from the victim and it showed the redirect to the router. i did not have the time to test it out to much (was a tcp/ip class) Mit freundlichen Grüßen/ sincerely yours Bernhard Fuchs Junior System-Engineer IT-Infrastruktur ITELLIUM Systems & Services GmbH Fürther Straße 205 90429 Nürnberg Tel.: +49-911-14-27321 Fax: +49-911-14-22016 mailto:bernhard.fuchs () itellium com http://www.itellium.com This email is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this mail in error, please tell us immediately by return email and delete the document. E-mails to and from the company are monitored for operational reasons and in accordance with lawful business practices. The contents of this email are those of the individual and do not necessarily represent the views of the company. The company accepts no responsibility once an e-mail and any attachments is sent. -----Ursprüngliche Nachricht----- Von: Will Tell [mailto:nosphie () rootshell be] Gesendet: Samstag, 9. November 2002 10:28 An: security-basics () securityfocus com Betreff: Re: AW: ARP Poisoning In-Reply-To: <9F984E1366F3D411988100508BF3A64201AA8149 () exmailn01-e18-2 itellium com> Hello Bernhard, You are right. Some Windows recognize an arp-poisoning, but in this case you have to "arp-storm" only the others(not the windows victim). Then poison the windows-arp-cache in the name of the router(,gateway,...) and the same with the router-arp-cache. And the 2nd if u ping the router (router ip) you ping not the router.You ping the poisoner (me). Because your arp cache think i am the router.And i answer u with a ping. So even on linux u dont find me. Only solution is to look in the arp-cache if it is poisoned. For beginner "ettercap" will do a good job. In this programm is a point "looking for other poisoners". So you might find me. Will Tell
Hi Michael! I did not test it out too much, but if you are in the
same network =
windows will warn that the same IP-Adress is twice on the net. On Linux you see it, if you ping the router, he shows
that the ping is
redirected. can anyone verify this? other than that ????? Mit freundlichen Gr=FC=DFen/ sincerely yours Bernhard Fuchs=20 Junior System-Engineer=20 IT-Infrastruktur ITELLIUM=20 Systems & Services GmbH=20 F=FCrther Stra=DFe 205=20 90429 N=FCrnberg=20 Tel.: +49-911-14-27321=20 Fax: +49-911-14-22016=20 mailto:bernhard.fuchs () itellium com=20 http://www.itellium.com
Current thread:
- AW: AW: ARP Poisoning Fuchs Bernhard (Nov 11)
- User roles in Cisco Works and HPOpenview Carmelo Floridia (Nov 13)