Security Basics mailing list archives

Re: Network Configuration Question?
From: ktyler () nautilus-ins com
Date: Mon, 4 Nov 2002 13:03:14 -0700

Well, you are plugged into a hub, along with other clients. The hubs are
probably then hooked up to a switch. There is software available to sniff
packets if you are hooked up directly to a switch, e.g. ettercap.


"Ian Lyte" <ilyte () alias666 freeserve.co.uk>
11/04/2002 09:58 AM

To:       <security-basics () securityfocus com>
cc:
Subject:  Network Configuration Question?

Hi All,

    On a corporate machine, I was having trouble removing the TinyBar
scrote-ware that had installed itself surreptitiously onto my machine. As
part of the process of tracking down how it was running, I downloaded a
small packet sniffer and ran it so I could attempt to trace the outgoing
target address of the pop-up window.

    We are on a 100mbs switched network (I believe switched but ..).

    Now imagine my surprise when I could pick up traffic from around 6
machines, including HTTP, POP, SMTP and all the associated passwords.

    Some of the machines were geographically close to me in the office but
not all. How could this happen on a switched network - has one of the
switches fallen over into broadcast mode or something? If so how do I go
about determining (remotely) why/how it has fallen over, who else is on the
segment, and what other avenues do I have to explore?

    Thanks in advance
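
An added example, not part of either post: one way to check from a capture whether the local port sits on a shared segment, as the reply suggests, is to look for unicast frames in which neither endpoint is the local machine. The function names, the MAC addresses, the sample frames and the two-frame threshold are all assumptions made for this sketch.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_eth(frame):
    """Return (dst, src, ethertype) from a raw Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack("!6s6sH", frame[:14])

def foreign_unicast(frames, local_mac):
    """Count unicast frames where neither end is local, keyed by (src, dst)."""
    local = bytes.fromhex(local_mac.replace(":", ""))
    pairs = Counter()
    for f in frames:
        try:
            dst, src, _ = parse_eth(f)
        except ValueError:
            continue                      # skip runt/truncated captures
        # I/G bit set in the first octet means broadcast or multicast,
        # which every port on a switch legitimately receives.
        if dst[0] & 0x01 or local in (dst, src):
            continue
        pairs[(mac(src), mac(dst))] += 1
    return pairs

def assess(pairs, min_frames=2):
    """Both directions of a foreign conversation visible: shared medium
    (a hub, or a switch that is flooding). One-way strays: likely a
    brief unknown-unicast flood. Threshold is an assumed value."""
    two_way = [p for p in pairs if pairs[p] >= min_frames
               and pairs.get((p[1], p[0]), 0) >= min_frames]
    if two_way:
        return "shared-segment"
    return "occasional-flood" if pairs else "switched"

def _frame(dst, src, etype=0x0800):
    hdr = bytes.fromhex((dst + src).replace(":", "")) + struct.pack("!H", etype)
    return hdr + b"\x00" * 46             # pad to minimum payload size

# Constructed sample capture (locally administered MACs, not real hosts).
LOCAL, A, B = "02:00:00:00:00:01", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
SAMPLE = [_frame("ff:ff:ff:ff:ff:ff", A, 0x0806), _frame(LOCAL, B),
          _frame(A, B), _frame(A, B), _frame(B, A), _frame(B, A), b"\x00" * 5]

if __name__ == "__main__":
    print(assess(foreign_unicast(SAMPLE, LOCAL)))
```

A "shared-segment" result does not distinguish a hub from a switch that is flooding frames; it only confirms that other hosts' unicast conversations are reaching this port.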

