Re: Nmap questions concering my router
From: Volker Birk (bumens_at_dingens.org)
Date: 22 Aug 2005 09:57:54 +0200
Nicky <email@example.com> wrote:
> > No. Usually, one will sniff a little bit first, and then manually
> > configure a free IP address in the network.
> You mean he'll check the ip pool and then assign himself one ip address
> from that pool that is not currently in use?
That was what I mean.
> > Or one will use ARP poisoning
> > to spoof an interesting IP address.
> ARP poisoning?!?
ARP is a stateless protocol. Therefore, it's easy to send unwanted
ARP REPLY packets to any host or switch, who should believe, that an IP
address is now attached to another MAC address, see RFC 826 / STD 0037.
Windows even has a bug in static ARP; that means, you could supersede
addresses in ARP table of Windows boxes even if they're inserted staticly.
Usually, a switch which has a static assignment of MAC and IP to port and
does filtering ("Layer 3 switch"), can help against such attacks.
> > Or one will DoS attack a host,
> > and replace it with the own box with the same MAC and IP address ;-)
> > All of this will require access to local hardware or to some radio
> > network.
> Replace it?
> You mean the 3rd way needs physical access to get the nic card and put
> it it on another machine?
No. I meant, that the attacker could just configure the correct MAC
and IP addresses on the own interface by software.
> > The only secure way is, to have a concept implemented like securing
> > physical access and access to radio networks, or securing the switching
> > i.e. by using 801.1x.
> Can you be more specific please?
What I mean, is the possibility to have authenticated access to a
switched network only. This can be implemented with the DHCP Relay Agent
To find the interesting RFCs, see http://www.rfc-editor.org/rfcsearch.html
and enter "Relay Agent Option" as search term.
Also you could have a look on IEEE 802.1X, which you'll find here:
-- "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in deutschen Schlafzimmern passiert". Harald Schmidt zum "Weltjugendtag"