If you don't know about ettercap, you might wish to spend some time observing it at: http://ettercap.sourceforge.net/

If you have a large wireless network, it could come and visit you. I would characterize it as a Swiss-army-knife attack kit; that is, a collection of attacks mostly based first on performing link-layer ARP spoofing, enabling a MITM situation, and thus enabling a 2nd level of possible attacks once the ARP-based MITM situation is set up.

But there are certainly some curious other attacks in there too that may be simply "bad" because of DoS potential (the 802.1d spanning tree root one is scary). The attack that attempts to overflow switch MAC-address-table forwarding, thus perhaps leading to no unicast segmentation, is also interesting. Both are there to potentially enable the ettercap user to be the MITM, of course.

There are defenses against these things in many Ethernet switches, but they are low-level and hard to administer in large enterprises (read: not very scalable).

This makes me pose the hypothetical question: Gee, if ettercap can be on sourceforge, why wasn't trinoo made available there either :-> ?!

Jim Binkley
jrb@private
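Added example, not part of the original post: a passive monitor sketch that flags the two symptoms the message describes, an IP address suddenly claimed by a different MAC (ARP spoofing) and one switch port sourcing an abnormal number of MAC addresses (forwarding-table overflow). The port names, the threshold of 64 and the trust-on-first-sight binding are assumptions, and the frame records are constructed, not captured traffic.

```python
from collections import defaultdict

# Constructed observations: (switch_port, source_mac, ARP sender IP or None).
# Port names and addresses are hypothetical sample values.
FRAMES = [
    ("ge-0/1", "00:11:22:33:44:01", "192.0.2.1"),   # gateway announces itself
    ("ge-0/2", "00:11:22:33:44:02", "192.0.2.10"),
    ("ge-0/3", "00:11:22:33:44:03", "192.0.2.11"),
    ("ge-0/3", "00:11:22:33:44:03", "192.0.2.1"),   # same host now claims the gateway IP
    ("ge-0/3", "00:11:22:33:44:03", "192.0.2.10"),  # ...and a neighbour's IP
] + [
    # 300 frames from one port, each with a different source MAC
    ("ge-0/4", "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF), None)
    for i in range(300)
]


def analyze(frames, max_macs_per_port=64):
    """Return (arp_conflicts, flooding_ports) for a sequence of frame records.

    arp_conflicts: (ip, first_seen_mac, claiming_mac, port) for every ARP
    announcement that contradicts the first binding seen for that IP.
    flooding_ports: ports that sourced more than max_macs_per_port MACs.
    """
    first_mac = {}                    # IP -> MAC that first claimed it (assumed legitimate)
    conflicts = []
    macs_on_port = defaultdict(set)   # port -> distinct source MACs seen

    for port, mac, arp_ip in frames:
        macs_on_port[port].add(mac)
        if arp_ip is None:
            continue                  # not an ARP announcement
        known = first_mac.setdefault(arp_ip, mac)
        if known != mac:
            conflicts.append((arp_ip, known, mac, port))

    flooding = sorted(p for p, macs in macs_on_port.items()
                      if len(macs) > max_macs_per_port)
    return conflicts, flooding


if __name__ == "__main__":
    arp_conflicts, flooding_ports = analyze(FRAMES)
    for ip, old, new, port in arp_conflicts:
        print(f"ARP conflict: {ip} was {old}, now claimed by {new} on {port}")
    for port in flooding_ports:
        print(f"MAC flood suspected on {port}")
```

Because the first binding seen is trusted, a monitor like this has to be seeded from a known-good state (for example static entries for gateways) to be meaningful.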
This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 11:32:14 PST