mailing list archives
Re: switched n/w
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 8 Dec 2004 12:44:24 +0200 (IST)
On Wed, 8 Dec 2004, kaushal wrote:
Iam a bit new to network securities. We have a switched network and to my
knowledge a hosts' data cannot be sniffed by other host by runnning
tcpdump. But Iam receiving complaints from few users that their data is being
changed/manipulated.Is this possible?
Sniffing/modification is easily possible with ARP-poisoning attack (see, e.g.,
www.arp-sk.org) and consecuitive man-in-the-middle attack. But for sure there
are many other attacks besides sniffing and MitM on network.
How can I avoid this at the host level? Does this mean the server has been
compromised? Any help or pointer in this aspect would be highly appreciated.
It depends on what data actually changed/sniffed -- you should provide more