Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: MiM Simultaneous close attack

From: Xyntrix <xyntrix () bitz org>
Date: Fri, 17 Aug 2001 10:47:14 -0700
not necessarily.

arp cache poisoning, mac address mirroring, and mac address spamming can
enable sniffing of network traffic (that normally would not be addressed to
a specific port) on a switch quite easy.


On Fri, Aug 17, 2001 at 09:01 AM, Malcolm Jack <Malcolm () brandes com> said:

Excuse my ignorance, but wouldn't a switched network be a remedy for this
attack?  Unless you are using some type of 'port mirroring' functionality
(at the switch) the attacking computer sitting in promiscuous mode would
only hear broadcast traffic.  Right? Or am I missing something?

-----Original Message-----
From: Korhan Kaya [mailto:kkaya () prioriy1world com]
Sent: Tuesday, August 14, 2001 8:38 AM
To: vuln-dev () securityfocus com
Subject: MiM Simultaneous close attack


MiM simultaneous CLOSE attack

Revision 1.1

For Public Release 2001 August 07 08:00 (GMT +0200)
_________________________________________________________________

 Vulnerability :
        MiM simultaneous CLOSE attack
 Vendor :
        N/A
 Category :
        Man in the middle / Denial of service
 Date :
        08/07/2001
Credits :
        Korhan Kaya <kkaya () priority1world com>
        Document ID   :  MW-TCPMD-03



-----
_______________________________________
Mike Mclane | xyntrix at bitz dot org |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Previous By Date Next
Previous By Thread Next

Current thread: