Re: MiM Simultaneous close attack

From: Xyntrix (xyntrixat_private)
Date: Fri Aug 17 2001 - 10:47:14 PDT

  • Next message: big bon: "RE: MiM Simultaneous close attack"

    not necessarily.
    
    arp cache poisoning, mac address mirroring, and mac address spamming can
    enable sniffing of network traffic (that normally would not be addressed to
    a specific port) on a switch quite easy.
    
    
    On Fri, Aug 17, 2001 at 09:01 AM, Malcolm Jack <Malcolmat_private> said:
    > Excuse my ignorance, but wouldn't a switched network be a remedy for this
    > attack?  Unless you are using some type of 'port mirroring' functionality
    > (at the switch) the attacking computer sitting in promiscuous mode would
    > only hear broadcast traffic.  Right? Or am I missing something?
    > 
    > -----Original Message-----
    > From: Korhan Kaya [mailto:kkayaat_private]
    > Sent: Tuesday, August 14, 2001 8:38 AM
    > To: vuln-devat_private
    > Subject: MiM Simultaneous close attack
    > 
    > 
    > MiM simultaneous CLOSE attack
    > 
    > Revision 1.1
    > 
    > For Public Release 2001 August 07 08:00 (GMT +0200)
    > _________________________________________________________________
    > 
    >  Vulnerability :
    >         MiM simultaneous CLOSE attack
    >  Vendor :
    >         N/A
    >  Category :
    >         Man in the middle / Denial of service
    >  Date :
    >         08/07/2001
    > Credits :
    >         Korhan Kaya <kkayaat_private>
    >         Document ID   :  MW-TCPMD-03
    > 
    > 
    -----
    _______________________________________
    Mike Mclane | xyntrix at bitz dot org |
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    



    This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 15:06:22 PDT