Vulnerability Development mailing list archives
Re: More on ARP cache poisoning
From: forrestc () IMACH COM (Forrest W. Christian)
Date: Tue, 1 Feb 2000 23:09:24 -0700
On Tue, 1 Feb 2000, Clifford, Shawn A wrote:
So, this pretty much makes moot hijacking the SETI download, etc. You can ony use the ARP poison to redirect connections _within_ or LAN.
Much easier is "cache poisioning" the client's DNS server. Send request for the A record of seti@home's server, and also send a forged response. Now when the client asks for the seti@home address, it turns around and asks your server for it instead, because it got the IP address you stuffed in the client's DNS server. - Forrest W. Christian (forrestc () imach com) KD7EHZ ---------------------------------------------------------------------- iMach, Ltd., P.O. Box 5749, Helena, MT 59604 http://www.imach.com Solutions for your high-tech problems. (406)-442-6648 ----------------------------------------------------------------------
Current thread:
- More on ARP cache poisoning Clifford, Shawn A (Feb 01)
- Re: More on ARP cache poisoning Forrest W. Christian (Feb 01)
- Re: More on ARP cache poisoning Sebastian (Feb 02)
- Re: More on ARP cache poisoning Granquist, Lamont (Feb 03)
- Re: More on ARP cache poisoning ulan (Feb 02)
- <Possible follow-ups>
- Re: More on ARP cache poisoning Clifford, Shawn A (Feb 01)
- Re: More on ARP cache poisoning Dug Song (Feb 01)
- Re: More on ARP cache poisoning Mudge (Feb 03)
- no comment Michal Zalewski (Feb 02)
- Re: no comment Michal Zalewski (Feb 02)
- Re: More on ARP cache poisoning Dug Song (Feb 01)
- Re: More on ARP cache poisoning Bryce Walter (Feb 02)
- Re: More on ARP cache poisoning Ron Parker (Feb 03)