Re: CRIME ettercap

From: tobyhush@private
Date: Thu Mar 13 2003 - 12:21:47 PST

  • Next message: alan: "RE: CRIME"

    -----BEGIN PGP SIGNED MESSAGE-----
    
    Good suggestion. I haven't played with it on a wireless network but on a wired network it is great fun and very easy to use.
    Dsniff is another good one in this space. http://naughty.monkey.org/~dugsong/dsniff/
    A bit of trivia- BackOrifice 2000 is on Sourceforge:
    bo2k.sourceforge.net/
    Though it hadn't had much recently last time I checked.
    
    t
    
    On Thu, 13 Mar 2003 10:41:33 -0800 Jim Binkley <jrb@private> wrote:
    >
    >If you don't know about ettercap, you might wish
    >to spend some time observing it at:
    >
    >http://ettercap.sourceforge.net/
    >
    >If you have a large wireless network, it could come and visit you.
    >
    >I would characterize it as a swiss-army-knife attack kit; that is,
    >
    >a collection of attacks mostly based first on performing link-layer
    >arp-spoofing,
    >enabling a MITM situation, and thus enabling a 2nd level of possible
    >attacks, once the arp-based MITM situation is setup.
    >
    >But there are certainly some curious other attacks in there too,
    > that may be simply
    >"bad" because of DOS potential (the 802.1d spanning tree root
    >one is scary).   The attack that attempts to overflow switch
    >mac-address-table forwarding thus perhaps leading to no
    >unicast segmentation is also interesting.  Both are there to potentially
    >enable the ettercap user to be the MITM, of course.  There are defenses
    >against these things in many ethernet switches, but they are low-
    >level,
    >and hard to administer in large enterprises (read not very scalable).
    >
    >This makes me pose the hypothetical question:
    >
    >Gee if ettercap can be on sourceforge, why wasn't trinoo made
    >available there either :-> ?!
    >
    >					Jim Binkley
    >					jrb@private
    >
    >
    >
    >
    -----BEGIN PGP SIGNATURE-----
    Version: Hush 2.2 (Java)
    Note: This signature can be verified at https://www.hushtools.com/verify
    
    wl0EARECAB0FAj5w6FYWHHRvYnlodXNoQGh1c2htYWlsLmNvbQAKCRCCZA+ELDMXINx+
    AJ0WiCbS7c5T0CFPVUcg7RgZTzdcJQCff2Y7oaofzWNGhCdEjyQNUPY2k18=
    =NrHF
    -----END PGP SIGNATURE-----
    
    
    
    
    Concerned about your privacy? Follow this link to get
    FREE encrypted email: https://www.hushmail.com/?l=2 
    
    Big $$$ to be made with the HushMail Affiliate Program: 
    https://www.hushmail.com/about.php?subloc=affiliate&l=427
    



    This archive was generated by hypermail 2b30 : Thu Mar 13 2003 - 13:17:05 PST