Re: capture/sniff/reconstruct graphic files



Sebastian Gottschalk <seppi@xxxxxxxxx> writes:
Walter Roberson wrote:

Most networks these days are "fully switched", and in order to
capture the data, one would need to have access to the infrastructure
on the direct route between sender and receiver.

But that's not as hard for attackers to obtain as you might think.

One user in your organization clicks the wrong thing with a web
browser that's either not fully patched, or hits a zero-day exploit
the vendors don't even know about, pushes a remote shell to the
attacker, or full GUI access. From this machine, perhaps completely
unbeknownst to the unwary user, the remote attacker fires up a sniffing
tool like the ones described here, and fires up freely available tools
to perform ARP cache poisoning or CAM table flooding to dumb the
switch down to hub mode or to route all switch packets through the
compromised host, and voila, remote sniffing of your local network.

If you see your entire bank of LEDs flashing simultaneously on your
switch and you're not sure why, worry.

Best Regards,
--
Todd H.
http://www.toddh.net/
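
A defender-side way to notice the two switch attacks named in the post above, as an added example that is not part of the original message: it flags an IP address that changes its MAC binding (a sign of ARP cache poisoning) and a switch port that suddenly sources many distinct MACs (a sign of CAM table flooding). The event tuple format, port names, addresses and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed observations: (seconds, switch port, source MAC, claimed IP or None)."""
    events = [
        (0, "gi0/1", "00:11:22:33:44:01", "10.0.0.1"),    # gateway
        (1, "gi0/2", "00:11:22:33:44:02", "10.0.0.20"),
        (2, "gi0/3", "00:11:22:33:44:03", "10.0.0.30"),
        # The host on gi0/3 starts answering for other hosts' addresses.
        (30, "gi0/3", "00:11:22:33:44:03", "10.0.0.1"),
        (31, "gi0/3", "00:11:22:33:44:03", "10.0.0.20"),
    ]
    # 200 never-seen source MACs arriving on one port within two seconds.
    events += [(40 + i / 100, "gi0/7", "02:00:00:00:00:%02x" % i, None)
               for i in range(200)]
    return events

def detect(events, window=5.0, max_macs_per_port=50):
    """Return alerts for ARP rebinding and per-port MAC floods.

    window and max_macs_per_port are assumed thresholds; tune them per network.
    """
    alerts = []
    ip_owner = {}                  # IP -> first MAC seen claiming it
    port_macs = defaultdict(dict)  # port -> {MAC: last time seen}
    flooded = set()                # ports already reported
    for ts, port, mac, ip in sorted(events, key=lambda e: e[0]):
        if ip is not None:
            known = ip_owner.setdefault(ip, mac)
            if known != mac:
                alerts.append(("arp-rebind", ip, known, mac, port))
        seen = port_macs[port]
        seen[mac] = ts
        # Forget MACs not seen on this port within the sliding window.
        for stale in [m for m, t in seen.items() if ts - t > window]:
            del seen[stale]
        if len(seen) > max_macs_per_port and port not in flooded:
            flooded.add(port)
            alerts.append(("cam-flood", port, len(seen)))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_sample()):
        print(alert)
```

Legitimate events such as a DHCP lease moving to a new machine or a gateway failover also change an IP's MAC, so a rebind alert is a prompt to look at that switch port, not proof of compromise.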