Re: Layer 2 arp snooping without Layer 3?
- From: Cedric Blancher <blancher@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 25 Oct 2007 19:35:10 +0200
Le jeudi 25 octobre 2007 à 10:44 +0300, Nikolaj a écrit :
Well you could poison one's cache but without you having an ip address
it will be pointless. [...] and the kernel will most likely discard
it). I think this is what will happen.
Not necessarily.
You can sniff traffic and send it back to userland applications using a
mechanism such as tuntap. On Linux, you can use ebtables framework to
route traffic back to IP stack, then Netfilter to another local IP
address.
You just have to send it somewhere you have an IP address, but it does
not have to be on the link you're sending your ARP cahce poisoning.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus.
Copy me to your signature file and help me spread!
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
- References:
- Layer 2 arp snooping without Layer 3?
- From: offset
- Re: Layer 2 arp snooping without Layer 3?
- From: Nikolaj
- Layer 2 arp snooping without Layer 3?
- Prev by Date: Web Application Hacker's Handbook
- Next by Date: Re: Layer 2 arp snooping without Layer 3?
- Previous by thread: Re: Layer 2 arp snooping without Layer 3?
- Next by thread: Re: Layer 2 arp snooping without Layer 3?
- Index(es):
Relevant Pages
|
|
