mailing list archives
Send ARP before spoof
From: "flacman" <flacman () gmail com>
Date: Mon, 5 Nov 2007 09:29:35 -0500
Hi, i've been testing a los nmap IpSpoof function, and some times it doesn't
function. I was wondering why, so I make tests using whireshark. The reason
was that sometimes the router/switch don't have in it's cache the mac
address of the source (the attacker) so it have to send arp packages to see
who was the owner of that ip. In other word's it makes like a blind ipSpoof.
So, I propose to send first some spoofed arp packages first to fill the
router/switch cache first.
Flacman [at] colombiaunderground.org
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
- Send ARP before spoof flacman (Nov 05)