Re: MiM Simultaneous close attack

From: Korhan Kaya (kkayaat_private)
Date: Fri Aug 17 2001 - 15:55:50 PDT

Next message: jaywhy: "Re: MiM Simultaneous close attack"

Previous message: Dom De Vitto: "RE: MiM Simultaneous close attack"
In reply to: Malcolm Jack: "RE: MiM Simultaneous close attack"
Next in thread: big bon: "RE: MiM Simultaneous close attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Excuse my ignorance, but wouldn't a switched network be a remedy for this
> attack?  Unless you are using some type of 'port mirroring' functionality
> (at the switch) the attacking computer sitting in promiscuous mode would
> only hear broadcast traffic.  Right? Or am I missing something?
>
>

Hi ,

In theory, you cannot do this in a switched-hub network.  In practice,
attacker can use numerous methots like Switch jamming , ARP Redirecting ,
ICMP Redirecting , Switch Jamming  listen network traffic in a switched-hub
envronment. (for more info : see
http://www.robertgraham.com/pubs/sniffing-faq.html ). Also attacker can
affect local host to trigger a network flood.

Regards

Korhan Kaya

Next message: jaywhy: "Re: MiM Simultaneous close attack"
Previous message: Dom De Vitto: "RE: MiM Simultaneous close attack"
In reply to: Malcolm Jack: "RE: MiM Simultaneous close attack"
Next in thread: big bon: "RE: MiM Simultaneous close attack"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 19:29:09 PDT