Penetration Testing mailing list archives

Re: to dsniff or not to dsniff

From: killy <killfactory () gmail com>
Date: Wed, 31 May 2006 10:40:59 -0400

As Gary stated you could hardcode the MAC to each port on the switch
or simply limit the number of MACs on any given port. Or, hehe static
arp tables on every pc. ;-)  just kidding. lol.

On 5/11/06, Roman Lublinsky <roma () medship lv> wrote:

 It's all nice tools, but any good ideas how to protect against it on the
switch with the vlans?

Best regards,
Roman

-----Original Message-----
From: Ivan . [mailto:ivanhec () gmail com]
Sent: Tuesday, May 09, 2006 2:23 AM
To: Robin Wood
Cc: Gary E. Miller; pen-test () securityfocus com
Subject: Re: to dsniff or not to dsniff

fair enouh, I like Ubuntu as my laptop is fully supported.

Yes I recommend using it, it's not only dnsiff, but filesnarf, mailsnarf,
msgsnarf, urlsnarf, and webspy

cheers
Ivan

On 5/8/06, Robin Wood <dninja () gmail com> wrote:
> I'm running arch linux at the moment, found ubuntu got too bloated.
> Arch may have it somewhere but I'm yet to fully understand the package
> manager so could have missed it.
>
> Does this mean that you recommend using dsniff?
>
> Robin
>
> On 5/8/06, Ivan . <ivanhec () gmail com> wrote:
> > Robin,
> >
> > Try Ubuntu, it has it. Comment out the "universe" section in your
> > sources list, and then do
> >
> > ivan@vatra:~$ sudo apt-get install dsniff
> >
> > and yoru laughing
> >
> > cheers
> > Ivan
> >
> > On 5/8/06, Gary E. Miller <gem () rellim com> wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > Yo Robin!
> > >
> > > On Sun, 7 May 2006, Robin Wood wrote:
> > >
> > > > My distro doesn't have dsniff as a package so I've trid to
> > > > compile it and came across a few issues, in resolving them I
> > > > realised that dnsniff is quite old and relies on some unsuported
packages.
> > >
> > > I have not run into another package that does what dsniff does as
> > > easily as dsniff does it.  Long past time for a new maintainter to
> > > pick it up and run with it.  Should not be too hard for someone
> > > that understands low level IP.
> > >
> > > RGDS
> > > GARY
> > > -
> > > ------------------------------------------------------------------
> > > --------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3,
> > > Bend, OR 97701
> > >         gem () rellim com  Tel:+1(541)382-8588
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.4.2.1 (GNU/Linux)
> > >
> > > iD8DBQFEXr5l8KZibdeR3qURAgzeAKCYk1fLPDBf/7p6yU5cC0JxNJK1RQCfVJKF
> > > i3s9A38X/2KXXi4PPm1/jJ8=
> > > =j2iv
> > > -----END PGP SIGNATURE-----
> > >
> > >
> > > ------------------------------------------------------------------
> > > ------------
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > Why not go with the #1 solution - Cenzic, the only one to win the
> > > Analyst's Choice Award from eWeek. As attacks through web
> > > applications continue to rise, you need to proactively protect
> > > your applications from hackers. Cenzic has the most comprehensive
> > > solutions to meet your application security penetration testing
> > > and vulnerability management needs. You have an option to go with
> > > a managed service (Cenzic ClickToSecure) or an enterprise software
> > > (Cenzic Hailstorm). Download FREE whitepaper on how a managed
> > > service can help you:
> > > http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you to
> > > confirm your results from other product. Contact us at
request () cenzic com for details.
> > > ------------------------------------------------------------------
> > > ------------
> > >
> > >
> >
>

-----------------------------------------------------------------------------
-
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to
rise, you need to proactively protect your applications from hackers. Cenzic
has the most comprehensive solutions to meet your application security
penetration testing and vulnerability management needs. You have an option to
go with a managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
-----------------------------------------------------------------------------
-



------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request () cenzic com for details.
------------------------------------------------------------------------------


------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?Why not go with the #1 solution - Cenzic, the only one to win the Analyst'sChoice Award from eWeek. As attacks through web applications continue to rise,you need to proactively protect your applications from hackers. Cenzic has themost comprehensive solutions to meet your application security penetrationtesting and vulnerability management needs. You have an option to go with amanaged service (Cenzic ClickToSecure) or an enterprise software(Cenzic Hailstorm). Download FREE whitepaper on how a managed service canhelp you: http://www.cenzic.com/news_events/wpappsec.phpAnd, now for a limited time we can do a FREE audit for you to confirm yourresults from other product. Contact us at request () cenzic com for details.

------------------------------------------------------------------------------

Current thread:

Re: to dsniff or not to dsniff, (continued)
- - - Re: to dsniff or not to dsniff Ivan . (May 08)
    - Re: to dsniff or not to dsniff Robin Wood (May 09)
    - Re: to dsniff or not to dsniff Christine Kronberg (May 09)
    - Re: to dsniff or not to dsniff Robin Wood (May 21)
    - Re: to dsniff or not to dsniff Alok Vijayant (May 23)
    - Re: to dsniff or not to dsniff Gene Cronk (May 23)
- Re: Re: to dsniff or not to dsniff revnic (May 08)
- Re: Re: to dsniff or not to dsniff bob (May 08)
- RE: to dsniff or not to dsniff Roman Lublinsky (May 11)
  - RE: to dsniff or not to dsniff Gary E. Miller (May 12)
  - Re: to dsniff or not to dsniff killy (May 31)