offset wrote:
> I've been playing with arp poisoning lately and had some questions about arp poisoning without layer 3.
>
> Is it possible to configure a linux system with one NIC to act as a layer 2 bridge instead of using IP forwarding (layer 3)?
>
> I can poison another systems arp cache to come to my MAC address for its default gateway, but I'd like to do mitm snooping without my NIC having an IP address signed.
>
> Just asking if this is a possibility to configure linux bridging to route traffic destined for my MAC to be routed back out at layer 2 to the real default gateway MAC.
>
> I've been playing around with setting up a layer 2 bridge (bridge-utils) on linux, but not sure if I can say, all packets that arrive to my bridge via arp poisoning will be re-routed out to the default gateway MAC to keep the victims network from halting due to lack of layer 3 (no ip address to forward through).
>
> Regards,
You should REALLY take a look at this new book -- it is GREAT info on just your question:
LAN Switch Security: What Hackers Know About Your Switches
Vyncke & Paggen
Cisco Press (c) 2008 (Yes, that date is the date in the book!)
ISBN 978-1-58705-259-9 / 1-58705-256-3
This book is a MUST READ for all pen testers!
Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
(843) 849-8214
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on Nov 06 2007
Intro
