Re: MiM Simultaneous close attack

From: Michael J. Cannon (mcannonat_private)
Date: Fri Aug 17 2001 - 17:26:34 PDT

  • Next message: Paul: "Re: MiM Simultaneous close attack"

    Here's a link to a tool that does precisely what Xyntrix suggests (along
    with some rather detailed guidance and the evidence that the black-hats know
    and use it, as well as us white-hats).
    
    Keep in mind that there are tools and methods to detect careless use of tool
    sets like this (and the authors of this tool warn there users of this fact
    and how to be a 'careful' sniffer).
    
    http://ettercap.sourceforge.net/
    
    Michael J. Cannon
    "Si vis pacem, para bellum."
    Ubiquicomm.com
    ----- Original Message -----
    From: "Xyntrix" <xyntrixat_private>
    To: "Malcolm Jack" <Malcolmat_private>
    Cc: "'Korhan Kaya'" <kkayaat_private>; <vuln-devat_private>
    Sent: Friday, August 17, 2001 12:47 PM
    Subject: Re: MiM Simultaneous close attack
    
    
    > not necessarily.
    >
    > arp cache poisoning, mac address mirroring, and mac address spamming can
    > enable sniffing of network traffic (that normally would not be addressed
    to
    > a specific port) on a switch quite easy.
    



    This archive was generated by hypermail 2b30 : Fri Aug 17 2001 - 19:31:32 PDT