Vulnerability Development mailing list archives
Re: MiM Simultaneous close attack
From: "Korhan Kaya" <kkaya () prioriy1world com>
Date: Sat, 18 Aug 2001 01:55:50 +0300
Excuse my ignorance, but wouldn't a switched network be a remedy for this attack? Unless you are using some type of 'port mirroring' functionality (at the switch) the attacking computer sitting in promiscuous mode would only hear broadcast traffic. Right? Or am I missing something?
Hi , In theory, you cannot do this in a switched-hub network. In practice, attacker can use numerous methots like Switch jamming , ARP Redirecting , ICMP Redirecting , Switch Jamming listen network traffic in a switched-hub envronment. (for more info : see http://www.robertgraham.com/pubs/sniffing-faq.html ). Also attacker can affect local host to trigger a network flood. Regards Korhan Kaya
Current thread:
- MiM Simultaneous close attack Korhan Kaya (Aug 14)
- <Possible follow-ups>
- RE: MiM Simultaneous close attack Malcolm Jack (Aug 17)
- Re: MiM Simultaneous close attack Xyntrix (Aug 17)
- Re: MiM Simultaneous close attack jaywhy (Aug 17)
- Re: MiM Simultaneous close attack Michael J. Cannon (Aug 17)
- RE: MiM Simultaneous close attack David Schwartz (Aug 17)
- RE: MiM Simultaneous close attack Dom De Vitto (Aug 17)
- Re: MiM Simultaneous close attack Korhan Kaya (Aug 17)
- Re: MiM Simultaneous close attack Xyntrix (Aug 17)
- RE: MiM Simultaneous close attack big bon (Aug 17)
- Re: MiM Simultaneous close attack Paul (Aug 18)
- Re: MiM Simultaneous close attack Robert Freeman (Aug 18)
- Re: MiM Simultaneous close attack Mauro Flores (Aug 21)
- RE: MiM Simultaneous close attack Dom De Vitto (Aug 21)
- Re: MiM Simultaneous close attack Jim Nanney (Aug 21)
- Re: MiM Simultaneous close attack Paul (Aug 18)
- Re: MiM Simultaneous close attack jaywhy (Aug 18)
- Re: MiM Simultaneous close attack Paul (Aug 19)