Re: Nmap questions concerning my router

From: Volker Birk (bumens_at_dingens.org)
Date: 08/22/05

    Date: 22 Aug 2005 09:57:54 +0200
    
    

    Nicky <hackeras@gmail.com> wrote:
    > > No. Usually, one will sniff a little bit first, and then manually
    > > configure a free IP address in the network.
    > You mean he'll check the ip pool and then assign himself one ip address
    > from that pool that is not currently in use?

    That was what I meant.

    > > Or one will use ARP poisoning
    > > to spoof an interesting IP address.
    > ARP poisoning?!?

    ARP is a stateless protocol. Therefore, it's easy to send unwanted
    ARP REPLY packets to any host or switch, which should believe that an IP
    address is now attached to another MAC address; see RFC 826 / STD 0037.

    Windows even has a bug in static ARP; that means you could supersede
    addresses in the ARP table of Windows boxes even if they're inserted statically.

    Usually, a switch which has a static assignment of MAC and IP to port and
    does filtering ("Layer 3 switch") can help against such attacks.

    > > Or one will DoS attack a host,
    > > and replace it with the own box with the same MAC and IP address ;-)
    > > All of this will require access to local hardware or to some radio
    > > network.
    > Replace it?
    > You mean the 3rd way needs physical access to get the nic card and put
    > it on another machine?

    No. I meant that the attacker could just configure the correct MAC
    and IP addresses on their own interface in software.

    > > The only secure way is to have a concept implemented like securing
    > > physical access and access to radio networks, or securing the switching
    > > i.e. by using 801.1x.
    > Can you be more specific please?

    What I mean is the possibility to have authenticated access to a
    switched network only. This can be implemented with the DHCP Relay Agent
    Information Option.

    To find the interesting RFCs, see http://www.rfc-editor.org/rfcsearch.html
    and enter "Relay Agent Option" as search term.

    Also you could have a look at IEEE 802.1X, which you'll find here:
    http://standards.ieee.org/getieee802/download/802.1X-2004.pdf

    Yours,
    VB.

    -- 
    "It cannot be that the frustrated people in Rome decide what happens in
    German bedrooms".
                                        Harald Schmidt on "World Youth Day"
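
An added example, not part of the original post: since ARP replies are accepted without any request state, a passive monitor can keep that state itself and flag replies nobody asked for and IP addresses that move to a different MAC. The frames, the addresses and the names `ArpMonitor`, `sample` and `demo` are constructed for illustration.

```python
import struct

OP_REQUEST, OP_REPLY = 1, 2

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(map(str, b))

def parse_arp(frame):
    """Parse an Ethernet II frame carrying ARP for Ethernet/IPv4 (RFC 826 layout)."""
    if len(frame) < 42:
        return None
    ethertype, htype, ptype, hlen, plen, op = struct.unpack("!HHHBBH", frame[12:22])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sha": mac(sha), "spa": ip(spa), "tpa": ip(tpa)}

class ArpMonitor:  # keeps the state that ARP itself does not
    def __init__(self):
        self.bindings = {}    # IP -> MAC last announced for it
        self.pending = set()  # IPs that were asked for and not yet answered

    def observe(self, frame):
        alerts, p = [], parse_arp(frame)
        if p is None:
            return alerts
        if p["op"] == OP_REQUEST:
            self.pending.add(p["tpa"])
        elif p["op"] == OP_REPLY:
            if p["spa"] not in self.pending:
                alerts.append("unsolicited-reply " + p["spa"])
            self.pending.discard(p["spa"])
        old = self.bindings.get(p["spa"])
        if old and old != p["sha"]:
            alerts.append(f"binding-changed {p['spa']} {old} -> {p['sha']}")
        if p["spa"] != "0.0.0.0":  # ARP probes carry no sender IP to record
            self.bindings[p["spa"]] = p["sha"]
        return alerts

def sample(op, sha, spa, tpa):
    """Constructed test frame: broadcast destination, zeroed target MAC."""
    return (b"\xff" * 6 + sha + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + sha + bytes(spa) + b"\x00" * 6 + bytes(tpa))

def demo():
    host, gw, other = (bytes.fromhex(h) for h in ("02000000000a", "0200000000fe", "020000000066"))
    a, b = (192, 0, 2, 10), (192, 0, 2, 1)
    frames = [sample(1, host, a, b), sample(2, gw, b, a), sample(2, other, b, a)]
    m = ArpMonitor()
    return [m.observe(f) for f in frames]
```

A legitimate failover or NIC replacement also changes a binding, so an alert here is a prompt to check the switch port, not proof of spoofing.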
    
