Re: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18
Date: 06/26/03

  • Next message: Mitchell Rowton: "Re: Firewall on server itself"
    Date: Thu, 26 Jun 2003 13:07:55 -0400

    To ask a related, equally uninformed question: If packets are diverted
    through a sniffing host, will the sniffer address be enumerated on
    traceroutes from either the source or the destination host to its
    counterpart, or are there techniques to mask this? Thanks.


                          Meidinger Christopher
                          <christopher.meidinger@ To: "'David Wallraff'" <>
                > cc: "Security-Basics@Securityfocus. Com (E-Mail)"
                          06/26/2003 05:09 AM Subject: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6

    ...NOW, you ask yourself how can i sniff on a switched network if all i get
    stuff for me?

    The answer is, you have to lie to the other machines telling them that you
    are either their gateway, or that you are the machines that they want to
    talk to. The technical details are out of the scope of this paper, but you
    essentially get messages destined for other IP addresses delivered to your
    MAC address and then send them yourself to the the real MAC address that
    belongs to dst host after keeping a copy of the packet for yourself. This
    takes a certain amount of skill (though not that much with automated tools,
    see below) to do, but it is not beyond a novice.
    Chris Meidinger
    Tullastrasse 70
    79108 Freiburg

    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
    Visit us at:

  • Next message: Mitchell Rowton: "Re: Firewall on server itself"

    Relevant Pages

    • Re: Do I Have A Firewalled LAN Run By ISP In Between?
      ... from that host while at host ... running a layer within a layer, with a complex network address translation ... application called "Internet Connection Sharing". ... what those packets are for, ...
    • Re: IP over RS232 serial port under QNX6 (
      ... Now i can 'ping' and receive correct answers from the remote host. ... Now i want to setup the TCP/IP stack on top of the serial port. ... When i 'ping' to the destination endpoint from the source ... These packets were correct ARP-Broadcasts ...
    • Re: Duplicate Echo Replies with Channel Bonding
      ... In this mode both interfaces receive packets, ... >When both eth0 and eth1 are up and I ping from Host C to Host A I get ... >The destination network exists on both Router A and ... Switch B does not have the MAC address in its MAC address table ...
    • Re: Ip spoof from
      ... - A passive spoofed portscan with the attacker on the local ... segment watching the response packets go out to the default ... If a host responds to the syn packet sourced from with an ack, ... it goes to the router either with the destination IP address rewritten ...
    • Re: Yet another thread on the legality of port scanning
      ... Which portthe packets are sent to is ... If I do a "nice", normal portscan on a host - via TCP, UDP or ICMP I am ... This sort of behavior is ... If I try to flood your host with abnormally LARGE ICMP packets endlessly ...