Vulnerability Development mailing list archives
Re: More on ARP cache poisoning
From: shawn.a.clifford () LMCO COM (Clifford, Shawn A)
Date: Tue, 1 Feb 2000 17:25:28 -0500
To add to my own posting (I know, lame). I guess, as it has been suggested here and offline, you could use ARP poisoning to hijack the target's gateway ether address. What do you do if the target has multiple default gateway entries?
I tried to see if it would be possible to poison the ARP cache of my machine (Solaris 2.6) so that it contained an Ether address of a local machine, but the IP address of a machine outside my network (prep.ai.mit.edu, for example). I didn't work. Not with the 'poink' program nor with 'arp -s <host> <ether>'. The ARP cache in Solaris anyway is smart enough to not take entries for remote networks. Maybe someone else can try on Linux and other platforms. I will try under HP-sUX when I get a chance. So, this pretty much makes moot hijacking the SETI download, etc. You can ony use the ARP poison to redirect connections _within_ or LAN. If anybody finds a way around this, please post the solution. -- Shawn
Current thread:
- More on ARP cache poisoning Clifford, Shawn A (Feb 01)
- Re: More on ARP cache poisoning Forrest W. Christian (Feb 01)
- Re: More on ARP cache poisoning Sebastian (Feb 02)
- Re: More on ARP cache poisoning Granquist, Lamont (Feb 03)
- Re: More on ARP cache poisoning ulan (Feb 02)
- <Possible follow-ups>
- Re: More on ARP cache poisoning Clifford, Shawn A (Feb 01)
- Re: More on ARP cache poisoning Dug Song (Feb 01)
- Re: More on ARP cache poisoning Mudge (Feb 03)
- no comment Michal Zalewski (Feb 02)
- Re: no comment Michal Zalewski (Feb 02)
- Re: More on ARP cache poisoning Dug Song (Feb 01)
- Re: More on ARP cache poisoning Bryce Walter (Feb 02)
- Re: More on ARP cache poisoning Ron Parker (Feb 03)