Home page logo
/

basics logo Security Basics mailing list archives

Re: Network Configuration Question?
From: "Pablo Gietz" <pablo.gietz () nuevobersa com ar>
Date: Tue, 5 Nov 2002 16:32:45 -0300

Read This, may be related.

http://www.phenoelit.org/arpoc/

Also I want to ear the experts opinion about this or similar soft. This
work? this represent a risk?

Thanks


Pablo A. C. Gietz
Jefe de Seguridad Informática
Nuevo Banco de Entre Ríos S.A.
Te.: 0343 - 4201351
----- Original Message -----
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: <security-basics () securityfocus com>
Sent: Monday, November 04, 2002 1:58 PM
Subject: Network Configuration Question?


Hi All,

    On a corporate machine, I was having trouble removing the TinyBar
scrote-ware that had installed itself surreptitiously onto my machine. As
part of the process of tracking down how it was running, I downloaded a
small packet sniffer and ran it so I could attempt to trace the outgoing
target address of the pop-up window.

    We are on a 100mbs switched network (I believe switched but ..).

    Now imagine my surprise when I could pick up traffic from around 6
other
machines, including HTTP, POP, SMTP and all the associated passwords.

    Some of the machines were geographically close to me in the office but
not all. How could this happen on a switched network - has one of the
switches fallen over into broadcast mode or something? If so how do I go
about determining (remotely) why/how it has fallen over, who else is on
the
segment, and what other avenues do I have to explore?

    Thanks in advance

Ian





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault