Penetration Testing mailing list archives
Re: Layer 2 arp snooping without Layer 3?
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 25 Oct 2007 19:10:45 -0400
My goal with L2 is to have victim frames coming to my machine, view the packets (ie. tcpdump, etc), but have the frames sent back out to the real gateway to avoid a DoS situation against the victim. L3 does this for you via IP forwarding, L2 is another matter.
True, bouncing the packets back out is going to be different. You could probably write your own tool for injecting the packets you receive back onto the wire with a different MAC, or perhaps the mangle table in ebtables can do that for you. good luck, tim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Layer 2 arp snooping without Layer 3? offset (Oct 24)
- Re: Layer 2 arp snooping without Layer 3? Nikolaj (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Tim (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Nikolaj (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? offset (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Tim (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Tim (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Cedric Blancher (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Nikolaj (Oct 25)
- Re: Layer 2 arp snooping without Layer 3? Cedric Blancher (Oct 25)
- <Possible follow-ups>
- Re: Layer 2 arp snooping without Layer 3? hackman (Oct 25)