Penetration Testing mailing list archives
Re: [PEN-TEST] Spoofing switched networks
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Sun, 4 Feb 2001 19:02:27 +0100
Hi,

Quoting Salyars, Marty (marty.salyars () AMSC BELVOIR ARMY MIL):
> Can someone inside a switched NT network spoof a host to get unauthorized access to resources? How easy or hard is it?
Yes. Using tools like 'arpredirect' in combination with 'fragrouter' or the like, someone can redirect all traffic from a host to other hosts through his/her own machine. Spoofing is easy then. Spoofing inside a switched network is usually no problem at all; sniffing inside a switched network is. You probably won't even need 'arpredirect' to do the spoofing, unless we're talking about a switch that knows its stuff.
> Can someone outside the switched NT network spoof a host to get unauthorized access? How can they do this?
If your router allows routing of those 'inside' addresses, yes. Anything that generates spoofed packets will work.
> Can an individual inside or outside the switched NT network hijack a session to get into resources?

Session hijacking would need sniffing, unless the sequence numbering is _very_ straightforward; then it's guessable, but hard to do. When using 'arpredirect' to direct all traffic through an 'intermediate host', session hijacking is quite easy. 'hunt' is a tool that does stuff like that.
> What tools would the culprit use?

'dsniff' (includes arpredirect), 'hunt', 'fragrouter'.
> Can the individual spoof the host using SYN flooding, sending spoofed ARP replies, MAC flooding / MAC spoofing / MAC duplication?

Spoofing through SYN flooding is not possible ;) - taking out the originator using SYN flooding, then spoofing it, is. MAC spoofing is a very real option, if the network card supports changing its hardware address.

Greets,
Robert
--
Linux Generation
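The ARP redirection Robert describes comes down to sending forged ARP replies so that the victim and the gateway each bind the other's IP address to the attacker's MAC. The following is an added example, not code from the original post or from dsniff: it builds the exact Ethernet/ARP frame that an 'arpredirect'-style tool would put on the wire (offline, as bytes, never transmitted), parses it back, and runs an arpwatch-style check over a constructed sequence of replies to show how such redirection shows up as an IP-to-MAC binding that suddenly changes. All MAC and IP addresses are made up for the illustration.

```python
"""Added example: craft an 'arpredirect'-style spoofed ARP reply and detect
the resulting IP->MAC flip. Not from the original post or from dsniff.
Addresses below are constructed; nothing is sent on a network."""
import struct

ETH_P_ARP = 0x0806   # EtherType for ARP
ARP_REPLY = 2        # ARP opcode "reply" (op 1 is "request")


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II header + ARP reply (42 bytes, no FCS).
    A spoofed reply is just one whose sender_ip is not owned by sender_mac;
    the receiving host has no way to tell and updates its ARP cache anyway."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)  # Ethernet, IPv4, hlen, plen, op
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the fields of an Ethernet/ARP frame; raises on anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP encoding")
    return {
        "op": op,
        "sender_mac": mac_str(frame[22:28]),
        "sender_ip": ip_str(frame[28:32]),
        "target_mac": mac_str(frame[32:38]),
        "target_ip": ip_str(frame[38:42]),
    }


def arp_watch(frames):
    """Track the IP->MAC binding asserted by every ARP reply and report
    any IP whose MAC changes. This is what arpwatch does; it does not stop
    the redirection, but it makes an arpredirect-style attack visible."""
    table = {}
    alerts = []
    for f in frames:
        p = parse_arp(f)
        if p["op"] != ARP_REPLY:
            continue
        old = table.get(p["sender_ip"])
        if old is not None and old != p["sender_mac"]:
            alerts.append((p["sender_ip"], old, p["sender_mac"]))
        table[p["sender_ip"]] = p["sender_mac"]
    return table, alerts


# Constructed LAN for the demo: gateway, victim and attacker.
GATEWAY_MAC, GATEWAY_IP = "00:11:22:33:44:01", "192.0.2.1"
VICTIM_MAC, VICTIM_IP = "00:11:22:33:44:02", "192.0.2.10"
ATTACKER_MAC, ATTACKER_IP = "00:11:22:33:44:99", "192.0.2.99"


def demo():
    """Legitimate replies first, then the two forged replies an attacker
    sends: one telling the victim the gateway is at the attacker's MAC,
    one telling the gateway the victim is at the attacker's MAC."""
    legit_gw = build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    legit_victim = build_arp_reply(VICTIM_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    spoof_to_victim = build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)
    spoof_to_gateway = build_arp_reply(ATTACKER_MAC, VICTIM_IP, GATEWAY_MAC, GATEWAY_IP)
    return arp_watch([legit_gw, legit_victim, spoof_to_victim, spoof_to_gateway])


if __name__ == "__main__":
    table, alerts = demo()
    for ip, old, new in alerts:
        print(f"ALERT: {ip} moved from {old} to {new}")
```

Once both caches are poisoned, every packet between victim and gateway crosses the attacker's interface, which is why sniffing and session hijacking become trivial on a switched segment despite the switch. The same frames also explain the defences: static ARP entries on critical hosts, switch features that inspect ARP replies against a known binding table, and an arpwatch-style monitor as above that at least raises an alert when a binding flips.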
Current thread:
- [PEN-TEST] Spoofing switched networks Salyars, Marty (Feb 04)
- Re: [PEN-TEST] Spoofing switched networks Robert van der Meulen (Feb 04)
- Re: [PEN-TEST] Spoofing switched networks Brian Hartsfield (Feb 05)
- Re: [PEN-TEST] Spoofing switched networks Dave Ryan (Feb 05)
- <Possible follow-ups>
- Re: [PEN-TEST] Spoofing switched networks Chris St. Clair (Feb 04)
- Re: [PEN-TEST] Spoofing switched networks Lindqvist, Johan (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Sam Quigley (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Simon Waters (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Nathan Catlow (Feb 07)
- Re: [PEN-TEST] Spoofing switched networks shawn . moyer (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Sam Quigley (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Robert van der Meulen (Feb 04)
- Re: [PEN-TEST] Spoofing switched networks Eduardo_Campos (Feb 06)
- Re: [PEN-TEST] Spoofing switched networks Shoten (Feb 06)