Vulnerability Development mailing list archives

Re: More on ARP cache poisoning


From: brycewalter () HOTMAIL COM (Bryce Walter)
Date: Wed, 2 Feb 2000 14:29:33 GMT


For remote hosts, the computer is going to arp for the default gateway
instead of the destination IP.  If you poisoned the ARP cache for the entry
of the default gateway, all packets for any remote computers would be sent
to you.  This would probably be noticed pretty quickly when nothing seems to
"work" on the target computer.  You could try to avoid this by enabling
routing on your box to get the packets that you don't care about to their
real destinations.

I tried to see if it would be possible to poison the ARP cache of my
machine (Solaris 2.6) so that it contained an Ether address of a local
machine, but the IP address of a machine outside my network
(prep.ai.mit.edu, for example).

It didn't work.  Not with the 'poink' program nor with 'arp -s <host>
<ether>'.  The ARP cache in Solaris anyway is smart enough to not take
entries for remote networks.  Maybe someone else can try on Linux and other
platforms.  I will try under HP-sUX when I get a chance.

So, this pretty much makes moot hijacking the SETI download, etc.  You can
only use the ARP poison to redirect connections _within_ our LAN.

If anybody finds a way around this, please post the solution.

-- Shawn
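
The next-hop rule described in the reply above (a host ARPs for its default gateway, not for an off-subnet destination) together with a defender-side check for the two cases discussed, as an added example that is not part of the original posts. The addresses, the sample observations and the names `arp_target` and `audit_arp` are constructed for illustration.

```python
import ipaddress

def arp_target(dst, local_net, gateway):
    """Return the IP a host resolves via ARP in order to reach dst."""
    net = ipaddress.ip_network(local_net)
    # On-link destinations are resolved directly; everything else goes to the gateway.
    return dst if ipaddress.ip_address(dst) in net else gateway

def audit_arp(observations, local_net, known):
    """Flag ARP replies that claim off-link IPs or contradict an earlier binding.

    observations: iterable of (sender_ip, sender_mac) taken from ARP replies.
    known: trusted ip -> mac bindings (at minimum the default gateway).
    """
    net = ipaddress.ip_network(local_net)
    seen = {ip: mac.lower() for ip, mac in known.items()}
    alerts = []
    for ip, mac in observations:
        mac = mac.lower()
        if ipaddress.ip_address(ip) not in net:
            # An entry like the one tested in the quoted post: local MAC, remote IP.
            alerts.append(("off-link-ip", ip, mac))
            continue
        if seen.setdefault(ip, mac) != mac:
            # A changed binding for the gateway affects all off-subnet traffic.
            alerts.append(("binding-changed", ip, mac))
    return alerts

# Constructed sample data (RFC 5737 addresses, RFC 7042 documentation MACs).
LOCAL_NET = "192.0.2.0/24"
GATEWAY = "192.0.2.1"
KNOWN = {GATEWAY: "00:00:5E:00:53:01"}
OBSERVED = [
    ("192.0.2.1", "00:00:5e:00:53:01"),     # gateway, matches trusted binding
    ("192.0.2.20", "00:00:5e:00:53:14"),    # ordinary LAN host, first sighting
    ("198.51.100.7", "00:00:5e:00:53:14"),  # remote IP claimed by a local MAC
    ("192.0.2.1", "00:00:5e:00:53:14"),     # gateway IP now claimed by that host
]

if __name__ == "__main__":
    for dst in ("192.0.2.20", "198.51.100.7"):
        print(dst, "-> host ARPs for", arp_target(dst, LOCAL_NET, GATEWAY))
    for alert in audit_arp(OBSERVED, LOCAL_NET, KNOWN):
        print("ALERT", *alert)
```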


