Re[2]: cain & abel full routing

[Alex <quick.touch () gmail com>]

no, it works between hosts too... i used two test hosts, i was the man
in the middle, and quickly tested with a ping between test hosts,and i
was receiving packets from them. did't try anything else, but it sure
works.


Hello Travis,

Tuesday, June 13, 2006, 10:55:57 PM, you wrote:


WT> If I remember correctly I think you can only use cain between server and
WT> client. I also think, by using the gateway it could cause problems with
WT> normal packet delivery by the gateway.


WT> -----Original Message-----
WT> From: Alex [mailto:quick.touch () gmail com] 
WT> Sent: Tuesday, June 13, 2006 12:55 PM
WT> To: Pen-Tests
WT> Subject: cain & abel full routing

WT> why when i use cain&abel and try to perform a man-in-the-middle-attack
WT> between the gateway and a test host, i only get half-routing and i only
WT> see what the test host transmits to the gateway, but not what the
WT> gateway transmits to the test host? 

WT> IP are allocated after MAC addresses, so the server knows exactly what
WT> mac address is allocated to the ip that i'm using as a test host.
WT> i thought that a possibility to get what the gateway sends to the test
WT> host is to change my mac (i used smac) into the mac of the test host,
WT> but it didn't work as a full routing (i'm not sure but i think i was
WT> able to see what the gateway sent to the test host, but not what the
WT> test host sent to the gateway). 
WT> is there any way of performing a full man-in-the-middle attack in this
WT> scenario?

WT> i saw this example http://shsc.info/ARPPoisoning and he achieved there a
WT> full routing between a host on the network and one that's over
WT> Internet.. (or i might be wrong, because lower in the WAN View he is
WT> doing a half-routing with hosts that are over Internet) 




------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's 
Choice Award from eWeek. As attacks through web applications continue to rise, 
you need to proactively protect your applications from hackers. Cenzic has the 
most comprehensive solutions to meet your application security penetration 
testing and vulnerability management needs. You have an option to go with a 
managed service (Cenzic ClickToSecure) or an enterprise software 
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can 
help you: http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------