|
Firewall Wizards
mailing list archives
Re: dirty packet tricks?
From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 11 Jul 2002 15:01:04 -0600 (MDT)
On 11 Jul 2002, Stephen D. B. Wolthusen wrote:
... phrased like that it is starting to sound a lot like a souped-up switch
(OK, multiport bridge). Sane switches treat multiple ARP responses (MAC
addresses) as fault conditions and isolate the port the offending frames
came from, so this probably won't go very far in most modern networks.
I wasn't talking about full-on ARP spoofing (can't speak for anyone else.)
That would be bad because you'd end up stealing some of the traffic that
was supposed to go to the local router. I was talking about pulling a copy
of the frame off the wire, change the destination MAC in memory, and
resend it to yourself, not the wire (though it shouldn't hurt anything to
go on the wire, either.)
Ryan
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
 By Date 
By Thread
Current thread:
- Re: dirty packet tricks?, (continued)
|
Intro
