Re: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18

["Craig Janssen" <cjanssen () mail millikin edu>]

If you perform a man-in-the-middle attack (accomplished by poisoning the
arp tables of the two computers that you want to eavesdrop on and
convince the source computer that you are the destination computer and
vice versa), use packet forwarding software to relay all packets through
your computer to the respective destinations, it should be invisible on
a traceroute.  The only way you could tell that something was going on
is if you had both mac addresses memorized, and if you do check your arp
table and notice the mac address the remote IP is coming from is
different than what it should be...

Craig



> > > <SMiller () unimin com> 06/26/03 12:07PM >>>

To ask a related, equally uninformed question:  If packets are
diverted
through a sniffing host, will the sniffer address be enumerated on
traceroutes from either the source or the destination host to its
counterpart, or are there techniques to mask this?   Thanks.

-Scott




                                                                       
                                                         
                      Meidinger Christopher                            
                                                         
                      <christopher.meidinger@        To:       "'David
Wallraff'" <wall0448 () ece umn edu>                         
                      badenIT.de>                    cc:      
"Security-Basics@Securityfocus. Com (E-Mail)"                     
                                                     
<security-basics () securityfocus com>                                  
     
                      06/26/2003 05:09 AM            Subject:  AW: AW:
security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 
                                                      18               
                                                         
                                                                       
                                                         



...NOW, you ask yourself how can i sniff on a switched network if all i
get
is
stuff for me?

The answer is, you have to lie to the other machines telling them that
you
are either their gateway, or that you are the machines that they want
to
talk to. The technical details are out of the scope of this paper, but
you
essentially get messages destined for other IP addresses delivered to
your
MAC address and then send them yourself to the the real MAC address
that
belongs to dst host after keeping a copy of the packet for yourself.
This
takes a certain amount of skill (though not that much with automated
tools,
see below) to do, but it is not beyond a novice.
...
Chris Meidinger
Tullastrasse 70
79108 Freiburg








---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm 
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------