Bugtraq mailing list archives
Re: Redir games with ARP and ICMP
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Sat, 20 Sep 1997 07:42:33 -0400
> Not only that but a switched network allows you to make purely unicast address attacks that the monitoring station won't see as the LAN admin is himself switched from your packets...
It's a pretty stupid admin who counts on a station being able to sniff attacks and then puts the monitoring station behind a switch. Not that there aren't plenty of stupid admins out there, of course. But I certainly know if _I_ were counting on my monitoring station being able to snoop such things I'd make damn sure the switch forwarded everything to it. (All switches I've seen are capable of this.)
> A filtering hub lets you perform this attack:
> Ping the two hosts you wish to snoop between.
> Using the MAC address you learn via ARP, send both a unicast ARP giving yourself as the answer for the other IP address.
"arp info for 0x11223344 overwritten by 01:02:03:04:05:06"
Not that anyone will necessarily notice, of course, but still.

der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
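An added example, not part of the original post: a log check that acts on the overwrite message quoted above. It reads syslog lines collected from several hosts and flags any MAC address that replaced the ARP entries for two or more different IP addresses. The exact message layout, the reading of the hex word as an IPv4 address in network byte order, and all sample lines are assumptions made for this illustration.

```python
import re
import socket
import struct
from collections import defaultdict

# Message shape taken from the quoted log line; treating the hex word as an
# IPv4 address in network byte order is an assumption of this example.
ARP_OVERWRITE = re.compile(
    r"arp info for 0x([0-9a-fA-F]{8}) overwritten by "
    r"((?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})"
)

def hex_to_ip(word):
    """Convert an 8-digit hex word to dotted-quad notation."""
    return socket.inet_ntoa(struct.pack("!I", int(word, 16)))

def normalize_mac(mac):
    """Zero-pad and lowercase each octet so 1:2:... and 01:02:... compare equal."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def find_suspect_macs(lines, min_ips=2):
    """Return {mac: sorted IPs} for MACs that overwrote at least min_ips entries."""
    claimed = defaultdict(set)
    for line in lines:
        match = ARP_OVERWRITE.search(line)
        if match:
            ip = hex_to_ip(match.group(1))
            claimed[normalize_mac(match.group(2))].add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) >= min_ips}

# Constructed sample: hostnames, timestamps and addresses are made up.
# hostA and hostB each log one overwrite; only the merged view shows one MAC
# answering for both of their addresses.
SAMPLE_LOG = """\
Sep 20 07:40:01 hostA kernel: arp info for 0x0a000009 overwritten by 01:02:03:04:05:06
Sep 20 07:40:01 hostB kernel: arp info for 0x0a000005 overwritten by 1:2:3:4:5:6
Sep 20 07:41:10 hostC kernel: arp info for 0x0a000014 overwritten by 08:00:20:aa:bb:cc
Sep 20 07:42:00 hostC sendmail[311]: unrelated line
""".splitlines()

if __name__ == "__main__":
    for mac, ips in find_suspect_macs(SAMPLE_LOG).items():
        print(f"{mac} overwrote ARP entries for {', '.join(ips)}")
```

A single overwrite (hostC above) is what a replaced network card looks like, which is why the default threshold is two addresses per MAC.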