Full Disclosure mailing list archives
Re: Packet sniffing help needed
From: Mark Knowles <ghooti () googlemail com>
Date: Tue, 6 Dec 2005 17:41:05 +0000
Thanks! I really appreciate the help. I have found a new interest. No more ASM for a month or 2.

So those warnings are "boiling water is hot!" - there is nothing I can do about it (it's similar to the cash machines here now that have stickers on them saying people can read your PIN number, always conceal it when you type it in). Still good to know.

After thinking about this a bit more, it really does appear to be the wiretap thing - I suppose I never thought of wire taps like that, where the CIA/FBI compromise the telephone exchange - albeit with permission.

When you say manipulating the routing tables, this doesn't mean too much to me (unless you are talking about DNS poisoning - although I suspect it's more). Could you please send me some links to read up on? I know what routing tables are, but that's about it :)

I know this is basic, but here is another ASCII diagram:

C1 - CR1 -=-=-=-=-= CR3 - C3
C2 --¦ --¦

C1 - Victim user
CR1 - Victim Router1
C3 - Site
CR3 - Site Router
-=-= Ethernet 'aether' and hosts.
C2 - Attacker

CR3 would seem to be the target. So trace to the last IP then try to compromise that.. would seem to be the logical explanation. I suppose an alternative would be to map the network behind the router and go for one of those machines then ARP poison the router. Attempting to get anything but 1 or 2 hops from the target site (assuming that I don't know the victim's IP) is best I can hope for to capture all traffic. Anything in the -=- area might be worth it but cannot guarantee success, and would need good log parsers/regex strings.

Is this a valid scenario?

I think I'm on the right track now and I'm gonna have some fun tonight - bloody hell, I'm getting excited by trying this out ... time to sack the bird, she is getting too expensive anyway... ;)

Any further reading would be appreciated.

Thanks,
Mark.

On 12/6/05, Joachim Schipper <j.schipper () math uu nl> wrote:
On Tue, Dec 06, 2005 at 04:26:19PM +0000, Mark Knowles wrote:
<quotes snipped for relevance and bandwidth>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/