Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- From: Hugo van der Kooij <hvdkooij@xxxxxxxxxxxxxxx>
- Date: Wed, 10 May 2006 20:25:36 +0200 (CEST)
On Tue, 9 May 2006 king_purba@xxxxxxxxxxx wrote:
We know that tcp connection will close by sending RST flag.
I try to connect to my openssh server on
slackware 10 from my computer fedora core 4. Then using an
openbsd 3.7, that had same network with slackware n fedora,
try to overwrite ARP cache on my fedora core 4. After arp
cache has been overwriten, all packet from fedora core 4
to slackware 10 is ignored. May be this problem is not only
on ssh but on other tcp protocol.
This is an issue with IP in general. Anyone who can spoof ARP entries in a
network can pretty much do anything they want on you LAN.
If there is a flaw then it is a flaw in your switch not protecting you
from such an ARP spoofing issue. There are tools to detect it at host
level and warn you about it.
Further recommended reading:
http://www.codeproject.com/internet/winarpspoof.asp
http://www.l0t3k.org/security/docs/arp/
And I'm sure there must be a load of other documents out there. These were
picked after a 5 second search with google.
I'm a bit puzzled why this message was in fact released on bugtraq as it
adds nothing new to the arp spoofing story.
Hugo.
--
I hate duplicates. Just reply to the relevant mailinglist.
hvdkooij@xxxxxxxxxxxxxxx http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.
- References:
- IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- From: king_purba
- IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- Prev by Date: [ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities
- Next by Date: Firefox 1.5.0.3 - DoS
- Previous by thread: Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- Next by thread: Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
- Index(es):
Relevant Pages
|
