Here's a link to a tool that does precisely what Xyntrix suggests (along with some rather detailed guidance and the evidence that the black-hats know and use it, as well as us white-hats). Keep in mind that there are tools and methods to detect careless use of tool sets like this (and the authors of this tool warn there users of this fact and how to be a 'careful' sniffer). http://ettercap.sourceforge.net/ Michael J. Cannon "Si vis pacem, para bellum." Ubiquicomm.com ----- Original Message ----- From: "Xyntrix" <xyntrixat_private> To: "Malcolm Jack" <Malcolmat_private> Cc: "'Korhan Kaya'" <kkayaat_private>; <vuln-devat_private> Sent: Friday, August 17, 2001 12:47 PM Subject: Re: MiM Simultaneous close attack > not necessarily. > > arp cache poisoning, mac address mirroring, and mac address spamming can > enable sniffing of network traffic (that normally would not be addressed to > a specific port) on a switch quite easy.
This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 19:31:32 PDT