a man in the middle is not necessary, you sniff the packets, spoof your ip and/or mac, then DoS the other box you are spoofing. there is a *nix tool that will do an arp flood, turning all switches into a hub, so you do not need to be on the same subnet either. search for it on freshmeat.net

Jmiller

----- Original Message -----
From: "Ryan Permeh" <ryanat_private>
To: <elanat_private>; <vuln-devat_private>
Sent: Tuesday, July 09, 2002 10:53 AM
Subject: RE: hijacking TCP connections on FreeBSD

> by using a man in the middle attack, you can do this. You simply need to be
> on the route between the host and the computer. I believe dsniff does this.
> Also, you may be able to do it non blindly, on the same network segment as
> the freebsd machine by sniffing and injecting packets, but there is more
> possibility of interference at that point.
>
> A protection against this is to encrypt your traffic so that neither mitm
> attacks nor injection attacks can adequately interrupt the packet stream.
>
>
> Signed,
> Ryan Permeh
> eEye Digital Security Team
> http://www.eEye.com/Retina -Network Security Scanner
> http://www.eEye.com/Iris -Network Traffic Analyzer
> http://www.eEye.com/SecureIIS -Stop Known and Unknown IIS Vulnerabilities
>
> -----Original Message-----
> From: Elan Hasson [mailto:elanat_private]
> Sent: Monday, July 08, 2002 9:49 PM
> To: vuln-devat_private
> Subject: hijacking TCP connections on FreeBSD
>
>
> (I'm not sure if this is the correct list for this post)
>
> Is it possible to hijack established tcp connections on FreeBSD? if so, how?
> any programs in existence that do this already?
>
>
> --Elan Hasson
> http://www.compiled.org -- The programmer's resource.
>
This archive was generated by hypermail 2b30 : Wed Jul 10 2002 - 11:45:03 PDT