Home page logo
/

basics logo Security Basics mailing list archives

Re: Network Configuration Question?
From: ktyler () nautilus-ins com
Date: Mon, 4 Nov 2002 13:03:14 -0700


Well you are plugged into a hub, along with other clients. The hubs are
probably then hooked up to a switch. There is software available to sniff
packets if you are hooked up directly to a switch, e.g ettercap.


Keith


                                                                                                                        
             
                      "Ian Lyte"                                                                                        
             
                      <ilyte () alias666 frees        To:       <security-basics () securityfocus com>                  
                   
                      erve.co.uk>                  cc:                                                                  
             
                                                   Subject:  Network Configuration Question?                            
             
                      11/04/2002 09:58 AM                                                                               
             
                                                                                                                        
             
                                                                                                                        
             




Hi All,

    On a corporate machine, I was having trouble removing the TinyBar
scrote-ware that had installed itself surreptitiously onto my machine. As
part of the process of tracking down how it was running, I downloaded a
small packet sniffer and ran it so I could attempt to trace the outgoing
target address of the pop-up window.

    We are on a 100mbs switched network (I believe switched but ..).

    Now imagine my surprise when I could pick up traffic from around 6
other
machines, including HTTP, POP, SMTP and all the associated passwords.

    Some of the machines were geographically close to me in the office but
not all. How could this happen on a switched network - has one of the
switches fallen over into broadcast mode or something? If so how do I go
about determining (remotely) why/how it has fallen over, who else is on the
segment, and what other avenues do I have to explore?

    Thanks in advance

Ian








  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]