Re: [PEN-TEST] Mac poisoning (was Re: [PEN-TEST] Replaying arbitrary packets)

From: Matt Scarborough (vexversaat_private)
Date: Tue May 08 2001 - 23:35:12 PDT


    >>Frank Knobbe wrote:
    >> Or simply poison the victim's ARP cache with the MAC address of your
    >> station.
    
    >Javier Fernandez-Sanguino Peña wrote:
    >BTW, I have been unable to find tools to do this besides dsniff (great tool)
    >and arp0c. Any tool for Windows NT? (preferably that does not need rebooting,
    >that is, does not use winpcap).
    
    WinPcap 2.1 (± April 2001) can be dropped onto NT4 without rebooting. This is
    true for nearly all WinPcap 2.1 enabled apps, thus allowing packet capture or
    injection (with LibNetNT) without rebooting on NT4-5.
    http://netgroup-serv.polito.it/windump/install/default.htm
    
    Here I see Frank's Snarp on NT4 Server SP6a+ using WinPcap 2.1 spoofs ARP
    without rebooting.
    
    Matt 2001-05-09
    
    
    
    



    This archive was generated by hypermail 2b30 : Thu May 10 2001 - 18:29:44 PDT