Re: [Full-Disclosure] Re: The ArpSucker is b0rn! Be yourself, be the net.

From: nirvana (karmic_nirvana_at_yahoo.com)
Date: 09/14/04

  • Next message: Frank Knobbe: "Re: [Full-Disclosure] Where is security industry gng??" 
    To: VX Dude <vxdude2003@yahoo.com>, Stefan.Laudat@allianztiriac.ro, Alpt <alpt@freaknet.org>
Date: Tue, 14 Sep 2004 07:28:48 -0700 (PDT)

    nice.....real nice!

    --- VX Dude <vxdude2003@yahoo.com> wrote:

    > Hello to all the xposted lists out there =D
    >
    > If it's not a threat to you're wonderfully managed
    > system, then you have nothing to worry about. SO
    > the
    > guy wrote a tool, thats what hackers do. If it's
    > successful, if it's not, (s)he will figure that out
    > themselves when it is, and why. Learning is the Way
    > of the Hacker.
    >
    > Speaking of moderating, what value did your post
    > add?
    > And you had to reply to all? Seems like you just
    > wanted to advertise bugtraq to all the other lists.
    >
    >
    > <ad>This just shows that the Full-Disclosure
    > audience
    > is far more sophisticated then the censorship loving
    > children of Bugtraq.</ad>
    >
    > To Alpt, nice tool, I have no use for it, but still
    > its nice to see someone exploring and coding. Let
    > assholes like stefen here teach you a lesson and
    > remember to not disclose anything. Put on the
    > blackhat and keep your knowledge to yourself, no one
    > else deserves it.
    >
    > You do you're own work, and create your own ideas,
    > and
    > this is the type of thanks you get? No, this is a
    > whitehat trick. See they want you to work gain
    > their
    > approval. By not giving you the credit you deserve,
    > they'll get you to think that their approval is
    > something worth getting. This is just the first
    > step
    > to being a sellout, a whitehat.
    >
    > Don't fall for their jedi mind tricks, become
    > independant and create for no one but yourself.
    > Remember stefen's insults, for this is the thanks of
    > a
    > whitehat.
    >
    > Stinny
    > Internet Sniper
    >
    > --- Stefan.Laudat@allianztiriac.ro wrote:
    >
    > > Usually lame kiddie posts like this shouldn't
    > reach
    > > the list. Old school
    > > ARP attacks are no longer a threat in a decently
    > > managed layer 2
    > > network. I thought bugtraq is still moderated. Oh,
    > > Aleph1, where art thee
    > > ?
    > >
    > > ---
    > > Stefan Laudat
    > > Networking & IT Security Manager
    > > Allianz Tiriac SA Insurance
    > > --
    > > This message is protected by the secrecy of
    > > correspondence rules ;
    > > furthermore it may contain privileged or
    > > confidential information that is
    > > protected by law, notably by the secrecy of
    > business
    > > relations rule ; it
    > > is
    > > intended solely for the attention of the addressee
    > .
    > > Any disclosure, use,
    > > dissemination or reproduction (either whole or
    > > partial) of this message or
    > > the information contained herein is strictly
    > > prohibited without prior
    > > consent.
    > > Any electronic message is susceptible to
    > alteration
    > > and its integrity can
    > > not be assured. Allianz Tiriac declines any
    > > responsibility for this
    > > message in the
    > > event of alteration or falsification.
    > > If you are not the intended recipient, please
    > > destroy it immediately and
    > > notify the sender of the wrong delivery and the
    > mail
    > > deletion.
    > >
    > >
    > >
    > >
    > >
    > >
    > >
    > > Alpt <alpt@freaknet.org>
    > > 13.09.2004 23:05
    > >
    > > To: primavera@freaknet.org
    > > cc: hackmeeting@kyuzz.org,
    > > hackers@dyne.org, ml@sikurezza.org,
    > > bugtraq@securityfocus.com,
    > > full-disclosure@lists.netsys.com,
    > > security-alerts@linuxsecurity.com
    > > Subject: The ArpSucker is b0rn! Be
    > > yourself, be the net.
    > >
    > >
    > >
    > > Freaknet Death C is pride
    > to
    > > present ya:
    > > }----------------- (The
    > ArpSucker)
    > > ----------------{
    > >
    > > Hi folks,
    > > Did you ever dreamed to become the net, to be a
    > big,
    > > bad, black, black,
    > > black hole?
    > > Yep! I did.
    > >
    > > This code was made the "12 Sept 2004".
    > > It started to dawn and I, Tomak and Nirvana, after
    > > eating some food,
    > > started to rave.
    > > Tomak downloaded fakeap.pl; But I also wanted to
    > > give my good amount of
    > > death.
    > > So I told: <<Why not fakeip?>>. Tomak: <<Yea, good
    > > idea, but why don't
    > > you wake up all those sleeper with a sane System
    > of
    > > a Down's song?>>
    > > After a while,
    > > I started to code TheArpSucker...
    > > Then Elibus, Pallotron were my favourite guinea
    > pigs
    > > for direct attacks.
    > >
    > > The idea is simple: we add all the ip we want to
    > > become in the arp cache
    > > of
    > > all the machines. Yes, it's the normal arp
    > > poisoning, but we want to
    > > become
    > > the ENTIRE NETWORK!
    > > The tests of the global arp cache smashing were
    > > successful, I became the
    > > entire
    > > 10.0.0.x and 10.0.1.x network. All the packets
    > went
    > > to me and, with the
    > > ip_forward
    > > activated, I resent them to the real destination.
    > >
    > > Then when I tried to become all the 2^32-1 IPs, I
    > > realized that the
    > > attacked machine
    > > (elibus and pallotron, eheheh), were under a
    > mortal
    > > DoS. The Elibus'
    > > machine was
    > > constantly at 100% of cpu until Elibus unplugged
    > the
    > > eth0 cable, while the
    > > Pallotron's
    > > machine went in kernel panic!. Elibus uses an x86
    > > arch with the linux
    > > kernel, pallotron
    > > uses An Apple I-book, with MacOsx.
    > > Asbesto was giving his blessing to spread death in
    > > our bicazzo network,
    > > and Elibus died
    > > because he didn't want to share his gprs
    > connection,
    > > AHHAHAHAHA.
    > > -
    >
    > > E l i B u S -
    > >
    >
    > > RIP.
    > > He was a good
    > > guinea pig
    > > (^_^)
    > > That was an happy day!
    > > So, here it is the code, Here I spread the src in
    > > the wired.
    > >
    > > The ArpSucker is a patch to arping of iputils:
    > >
    >
    http://www.freaknet.org/alpt/src/p0f-TheArpSucker-iputils-ss020927.patch
    > > You can get the right version of iputils here:
    > >
    >
    http://www.freaknet.org/alpt/src/iputils-ss020927.tar.gz
    >
    === message truncated ===

                    
    _______________________________
    Do you Yahoo!?
    Declare Yourself - Register online to vote today!
    http://vote.yahoo.com

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Frank Knobbe: "Re: [Full-Disclosure] Where is security industry gng??"
    • Quantcast