Penetration Testing mailing list archives
Re[2]: cain & abel full routing
From: Alex <quick.touch () gmail com>
Date: Wed, 14 Jun 2006 00:33:08 +0300
no, it works between hosts too... i used two test hosts, i was the man in the middle, and quickly tested with a ping between test hosts,and i was receiving packets from them. did't try anything else, but it sure works. Hello Travis, Tuesday, June 13, 2006, 10:55:57 PM, you wrote: WT> If I remember correctly I think you can only use cain between server and WT> client. I also think, by using the gateway it could cause problems with WT> normal packet delivery by the gateway. WT> -----Original Message----- WT> From: Alex [mailto:quick.touch () gmail com] WT> Sent: Tuesday, June 13, 2006 12:55 PM WT> To: Pen-Tests WT> Subject: cain & abel full routing WT> why when i use cain&abel and try to perform a man-in-the-middle-attack WT> between the gateway and a test host, i only get half-routing and i only WT> see what the test host transmits to the gateway, but not what the WT> gateway transmits to the test host? WT> IP are allocated after MAC addresses, so the server knows exactly what WT> mac address is allocated to the ip that i'm using as a test host. WT> i thought that a possibility to get what the gateway sends to the test WT> host is to change my mac (i used smac) into the mac of the test host, WT> but it didn't work as a full routing (i'm not sure but i think i was WT> able to see what the gateway sent to the test host, but not what the WT> test host sent to the gateway). WT> is there any way of performing a full man-in-the-middle attack in this WT> scenario? WT> i saw this example http://shsc.info/ARPPoisoning and he achieved there a WT> full routing between a host on the network and one that's over WT> Internet.. (or i might be wrong, because lower in the WAN View he is WT> doing a half-routing with hosts that are over Internet) ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- cain & abel full routing Alex (Jun 13)
- Re: cain & abel full routing Tim (Jun 13)
- Re[2]: cain & abel full routing Alex (Jun 13)
- Re: Re[2]: cain & abel full routing Tim (Jun 14)
- Re[4]: cain & abel full routing Alex (Jun 14)
- Re: Re[4]: cain & abel full routing Tim (Jun 14)
- Re: Re[4]: cain & abel full routing killy (Jun 15)
- Re[6]: cain & abel full routing Alex (Jun 15)
- Re[2]: cain & abel full routing Alex (Jun 13)
- RE: Re[2]: cain & abel full routing Paul Melson (Jun 14)
- Re: cain & abel full routing Tim (Jun 13)
- <Possible follow-ups>
- Re[2]: cain & abel full routing Alex (Jun 13)