Penetration Testing: Re: [PEN-TEST] Spoofing switched networks

Re: [PEN-TEST] Spoofing switched networks

From: Robert van der Meulen <rvdm_at_CISTRON.NL>
Date: Sun, 4 Feb 2001 19:02:27 +0100

Hi,

Quoting Salyars, Marty (marty.salyars_at_AMSC.BELVOIR.ARMY.MIL):
> Can someone inside a switched NT network spoof a host to get
> unauthorized access to resources. How easy or hard is it?
Yes. Using tools like 'arpredirect' in combination with 'fragrouter' or the
like, someone can redirect all traffic from a host to other hosts through
his/her own machine. Spoofing is easy then.
Spoofing inside a switched network is usually no problem at all; sniffing
inside a switched network is. You probably won't even need to 'arpredirect'
to do the spoofing, unless we're talking a switch that knows his stuff.

> Can someone outside the switched NT network spoof a host to get
> unauthorized access. How can they do this?
If your router allows routing of those 'inside' addresses; yes.
Anything that generates spoofed packets will work.

> Can an individual inside or outside the switched NT network hijack a
> session to get into resources
Session hijacking would need sniffing, unless the sequence numbering is
_very_ straightforward, then it's guessable - but hard to do.
When using 'arpredirect' to direct all traffic through an 'intermediate
host', session hijacking is quite easy.
'hunt' is a tool that does stuff like that.

> What tools would the culprit use?
'dsniff' (includes arpredirect), 'hunt', 'fragrouter'.

> Can the individual spoof the host using SYN flooding, sending
> spoofed ARP replies, MAC flooding/ MAC spoofing/MAC duplication.
Spoofing through SYN flooding is not possible ;) - taking out the originator
using SYN flooding, then spoofing it is.
MAC spoofing is a very real option, if the network card supports changing
its hardware address.

Greets,
        Robert

--
Linux Generation
Received on Feb 04 2001
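The reply above points out that redirecting traffic in a switched network relies on spoofed ARP replies. The defensive counterpart is to watch those replies for bindings that change. Below is an added example, not code from the original post or from any of the tools it names: a small arpwatch-style monitor run over a constructed sequence of ARP replies. It flags an IP address that starts answering from a different hardware address, and a single hardware address that claims more IP addresses than a configurable threshold (the threshold of two, and all addresses and timestamps, are assumptions chosen for the demo). In a real deployment the same logic would be fed from a packet capture rather than the inline list, and a binding change may also come from a replaced NIC or a failover pair, so the alerts are a starting point for triage rather than a verdict.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class ArpReply:
    """One ARP reply as it would be pulled from a capture (fields constructed)."""
    ts: float         # seconds since start of capture
    sender_ip: str    # protocol address the reply claims to speak for
    sender_mac: str   # hardware address given for that IP


class ArpMonitor:
    """Tracks IP -> MAC bindings learned from ARP replies and records alerts."""

    def __init__(self, max_ips_per_mac: int = 2) -> None:
        # Threshold is an assumption: a MAC with more aliases than this is flagged.
        self.max_ips_per_mac = max_ips_per_mac
        self.bindings: Dict[str, str] = {}                       # ip -> last mac
        self.ips_by_mac: Dict[str, Set[str]] = defaultdict(set)  # mac -> ips
        self.alerts: List[str] = []

    def observe(self, reply: ArpReply) -> None:
        mac = reply.sender_mac.lower()
        ip = reply.sender_ip
        previous = self.bindings.get(ip)
        if previous is not None and previous != mac:
            # The classic poisoning signature: an IP we already knew now
            # answers from another hardware address.
            self.alerts.append(f"t={reply.ts:.0f}s {ip} changed {previous} -> {mac}")
        self.bindings[ip] = mac
        self.ips_by_mac[mac].add(ip)
        if len(self.ips_by_mac[mac]) == self.max_ips_per_mac + 1:
            # Fires once, when a single MAC first exceeds the alias threshold.
            self.alerts.append(
                f"t={reply.ts:.0f}s {mac} claims {len(self.ips_by_mac[mac])} IPs: "
                + ", ".join(sorted(self.ips_by_mac[mac]))
            )


# Constructed sample capture: three legitimate hosts, a normal refresh, then one
# hardware address (aa:bb:cc:dd:ee:ff, constructed) answering for all three.
SAMPLE_REPLIES = [
    ArpReply(1, "192.168.1.1", "00:11:22:33:44:01"),    # gateway
    ArpReply(2, "192.168.1.10", "00:11:22:33:44:0a"),
    ArpReply(3, "192.168.1.11", "00:11:22:33:44:0b"),
    ArpReply(15, "192.168.1.10", "00:11:22:33:44:0a"),  # same binding, no alert
    ArpReply(30, "192.168.1.1", "AA:BB:CC:DD:EE:FF"),
    ArpReply(31, "192.168.1.10", "AA:BB:CC:DD:EE:FF"),
    ArpReply(32, "192.168.1.11", "AA:BB:CC:DD:EE:FF"),
]


def run_monitor(replies: List[ArpReply] = SAMPLE_REPLIES) -> List[str]:
    """Feed every reply to a fresh monitor and return the alerts it raised."""
    monitor = ArpMonitor()
    for reply in replies:
        monitor.observe(reply)
    return monitor.alerts


if __name__ == "__main__":
    for line in run_monitor():
        print(line)
```

Running the block prints three "changed" alerts, one per host the constructed MAC takes over, followed by a single "claims 3 IPs" alert when that MAC crosses the alias threshold; the first four replies alone produce nothing, since a repeated identical binding is normal ARP cache refresh.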