|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: [Full-Disclosure] Caching a sniffer
From: Kenton Smith (ksmith
chartwelltechnology.com)
Date: Thu Mar 11 2004 - 12:01:19 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2004-03-11 at 10:43, Mike Fratto wrote:
> Your assuming that the attacker 1) has control of the switch and 2) is
> sniffing either the uplink or has configured the switch to mirror all the
> switch ports or VLAN to the mirror port.
>
> Neither of which may be the case.
There are many people on this list who have more knowledge of this than
I do, but having control of the switch isn't the only way to sniff a
switched network. All you need is a way of spoofing ARP packets and you
can intercept all the traffic you want. Here's one such set of tools -
http://naughty.monkey.org/~dugsong/dsniff/
Kenton
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]