Nmap Development mailing list archives
Send ARP before spoof
From: "flacman" <flacman () gmail com>
Date: Mon, 5 Nov 2007 09:29:35 -0500
Hi, i've been testing a los nmap IpSpoof function, and some times it doesn't function. I was wondering why, so I make tests using whireshark. The reason was that sometimes the router/switch don't have in it's cache the mac address of the source (the attacker) so it have to send arp packages to see who was the owner of that ip. In other word's it makes like a blind ipSpoof. So, I propose to send first some spoofed arp packages first to fill the router/switch cache first. Flacman Colombiaunderground.org Flacman [at] colombiaunderground.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Send ARP before spoof flacman (Nov 05)