Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Arp spoofing & dsniff

From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 6 May 2002 12:24:57 -0600 (MDT)
On Mon, 6 May 2002, kumar mahadevan wrote:


If I am on a Switched network and I change my MAC
address on my RH 7 box to the victim's (using
IFCONFIG). Now, how do I capture say for e.g Telnet
sessions between the victim and a server running
telnet service.


If you change your MAC address to be that of the victim (the box in the
same broadcast domain as your attacking machine) then you will be fighting
the victim for control of the MAC address in the switch.  The switch will
alternately think that that MAC address is in one port, then another, as
frames come in with that as a source address.  In general, you'll just
make the victim unable to communicate, and yuo won't be able to monitor
most of the traffic.



I don't want to ARP cache poison  nor MAC flood the
switch.


Then your best bet is to poison the ARP cache on the victim, to make it
think you're the other box, or the router.  Configure your box to forward
the packets so you don't break the communications.


                                        Ryan


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: