Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
From: Hugo van der Kooij (hvdkooijvanderkooij.org)
Date: Wed May 10 2006 - 13:25:36 CDT
On Tue, 9 May 2006 king_purbayahoo.co.uk wrote:
> We know that tcp connection will close by sending RST flag.
> I try to connect to my openssh server on
> slackware 10 from my computer fedora core 4. Then using an
> openbsd 3.7, that had same network with slackware n fedora,
> try to overwrite ARP cache on my fedora core 4. After arp
> cache has been overwriten, all packet from fedora core 4
> to slackware 10 is ignored. May be this problem is not only
> on ssh but on other tcp protocol.
This is an issue with IP in general. Anyone who can spoof ARP entries in a
network can pretty much do anything they want on you LAN.
If there is a flaw then it is a flaw in your switch not protecting you
from such an ARP spoofing issue. There are tools to detect it at host
level and warn you about it.
Further recommended reading:
And I'm sure there must be a load of other documents out there. These were
picked after a 5 second search with google.
I'm a bit puzzled why this message was in fact released on bugtraq as it
adds nothing new to the arp spoofing story.
I hate duplicates. Just reply to the relevant mailinglist.
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.