Security Basics mailing list archives
Re: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18
From: "Craig Janssen" <cjanssen () mail millikin edu>
Date: Thu, 26 Jun 2003 16:58:31 -0500
If you perform a man-in-the-middle attack (accomplished by poisoning the ARP tables of the two computers that you want to eavesdrop on and convincing the source computer that you are the destination computer and vice versa) and use packet forwarding software to relay all packets through your computer to the respective destinations, it should be invisible on a traceroute. The only way you could tell that something was going on is if you had both MAC addresses memorized, and if you do check your ARP table and notice the MAC address the remote IP is coming from is different than what it should be...

Craig
<SMiller () unimin com> 06/26/03 12:07PM >>>
To ask a related, equally uninformed question: If packets are diverted through a sniffing host, will the sniffer address be enumerated on traceroutes from either the source or the destination host to its counterpart, or are there techniques to mask this? Thanks.

-Scott

Meidinger Christopher <christopher.meidinger@badenIT.de>
To: "'David Wallraff'" <wall0448 () ece umn edu>
cc: "Security-Basics@Securityfocus. Com (E-Mail)" <security-basics () securityfocus com>
06/26/2003 05:09 AM
Subject: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18

...NOW, you ask yourself how can I sniff on a switched network if all I get is stuff for me? The answer is, you have to lie to the other machines telling them that you are either their gateway, or that you are the machines that they want to talk to. The technical details are out of the scope of this paper, but you essentially get messages destined for other IP addresses delivered to your MAC address and then send them yourself to the real MAC address that belongs to dst host after keeping a copy of the packet for yourself. This takes a certain amount of skill (though not that much with automated tools, see below) to do, but it is not beyond a novice. ...

Chris Meidinger
Tullastrasse 70
79108 Freiburg

---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
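Added example (not part of the original thread): the ARP-table check described in the reply above, automated so that nobody has to memorize MAC addresses. It compares `arp -an` style output against a recorded known-good baseline; the function names, the Linux output format, and the sample addresses (documentation ranges) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Matches entries as printed by `arp -an` on Linux (assumed format), e.g.
# "? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})")

# Constructed sample data: a known-good table and a later, poisoned one.
BASELINE_TEXT = """\
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:20 [ether] on eth0
"""
POISONED_TEXT = """\
? (192.0.2.1) at 00:00:5e:00:53:01 [ether] on eth0
? (192.0.2.20) at 00:00:5e:00:53:99 [ether] on eth0
? (192.0.2.66) at 00:00:5e:00:53:99 [ether] on eth0
? (192.0.2.30) at <incomplete> on eth0
"""

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so 0:A:... equals 00:0a:..."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; unresolved (<incomplete>) entries are skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def check_arp(baseline, current):
    """Compare the current table with the baseline.
    changed: ip -> (expected_mac, seen_mac) for IPs whose MAC differs.
    shared:  mac -> sorted IPs, for any MAC answering for several IPs."""
    changed = {ip: (baseline[ip], mac) for ip, mac in current.items()
               if ip in baseline and baseline[ip] != mac}
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    # A shared MAC is only a hint: proxy ARP and multi-homed hosts do it too.
    shared = {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}
    return changed, shared

if __name__ == "__main__":
    print(check_arp(parse_arp_table(BASELINE_TEXT), parse_arp_table(POISONED_TEXT)))
```

The baseline has to be recorded at a time the network is known to be clean, since a table captured during poisoning would be treated as correct.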
Current thread:
- Re: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18 Craig Janssen (Jun 27)