> Excuse my ignorance, but wouldn't a switched network be a remedy for this > attack? Unless you are using some type of 'port mirroring' functionality > (at the switch) the attacking computer sitting in promiscuous mode would > only hear broadcast traffic. Right? Or am I missing something? > > Hi , In theory, you cannot do this in a switched-hub network. In practice, attacker can use numerous methots like Switch jamming , ARP Redirecting , ICMP Redirecting , Switch Jamming listen network traffic in a switched-hub envronment. (for more info : see http://www.robertgraham.com/pubs/sniffing-faq.html ). Also attacker can affect local host to trigger a network flood. Regards Korhan Kaya
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 19:29:09 PDT