Re: AW: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6 18

From: Craig Janssen (cjanssen_at_mail.millikin.edu)
Date: 06/26/03

  • Next message: Craig Janssen: "Re: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618" 
    Date: Thu, 26 Jun 2003 16:58:31 -0500
To: <security-basics@securityfocus.com>, <SMiller@unimin.com>

    If you perform a man-in-the-middle attack (accomplished by poisoning the
    arp tables of the two computers that you want to eavesdrop on and
    convince the source computer that you are the destination computer and
    vice versa), use packet forwarding software to relay all packets through
    your computer to the respective destinations, it should be invisible on
    a traceroute. The only way you could tell that something was going on
    is if you had both mac addresses memorized, and if you do check your arp
    table and notice the mac address the remote IP is coming from is
    different than what it should be...

    Craig

    >>> <SMiller@unimin.com> 06/26/03 12:07PM >>>

    To ask a related, equally uninformed question: If packets are
    diverted
    through a sniffing host, will the sniffer address be enumerated on
    traceroutes from either the source or the destination host to its
    counterpart, or are there techniques to mask this? Thanks.

    -Scott

                                                                           
                                                             
                          Meidinger Christopher
                                                             
                          <christopher.meidinger@ To: "'David
    Wallraff'" <wall0448@ece.umn.edu>
                          badenIT.de> cc:
    "Security-Basics@Securityfocus. Com (E-Mail)"
                                                         
    <security-basics@securityfocus.com>
         
                          06/26/2003 05:09 AM Subject: AW: AW:
    security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 6
                                                          18
                                                             
                                                                           
                                                             

    ...NOW, you ask yourself how can i sniff on a switched network if all i
    get
    is
    stuff for me?

    The answer is, you have to lie to the other machines telling them that
    you
    are either their gateway, or that you are the machines that they want
    to
    talk to. The technical details are out of the scope of this paper, but
    you
    essentially get messages destined for other IP addresses delivered to
    your
    MAC address and then send them yourself to the the real MAC address
    that
    belongs to dst host after keeping a copy of the packet for yourself.
    This
    takes a certain amount of skill (though not that much with automated
    tools,
    see below) to do, but it is not beyond a novice.
    ...
    Chris Meidinger
    Tullastrasse 70
    79108 Freiburg

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
    analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access
    in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------

  • Next message: Craig Janssen: "Re: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618"

    Relevant Pages

    • Re: Ip forwarding
      ... Packets that are meant to be forwarded by a router must be sent to its MAC address on the link. ... The gateway column optionnally contains the address of the next hop router if the destination is not directly reachable on the network attached to the output interface. ... In both cases the packet is sent on the link to the next hop MAC address. ...
      (comp.os.linux.networking)
    • RE: Network sniffing on the wire - managed switches
      ... Switches send packets to destination ports based on the ... destination MAC address of the packet, ... MAC address is either YOUR MAC address, ... Network sniffing on the wire - managed switches ...
      (Security-Basics)
    • RE: TCP reset DoS with multicast MAC.
      ... Unless the packets you're capturing originated on the same subnet you're ... You cannot craft a packet with a custom source and destination Ethernet ... TCP reset DoS with multicast MAC. ...
      (Security-Basics)
    • Re: Promiscuous Mode
      ... #> It won't make any difference on a switched network as you won't see ... # something), and someone sends a packet with a MAC address that isn't yours, ... the packet if the destination MAC does not match its own. ...
      (Pen-Test)
    • Re: Getting an IP address from a MAC address
      ... and IP addresses to MACs (ARP). ... You can also run a sniffer on your box to see if the MAC shows up in any ... > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)