Vulnerability Development: Re: Hijack IP Address using cable modem

Re: Hijack IP Address using cable modem

From: Patrick Maartense <patrick_at_MAARTENSE.COM>
Date: Wed, 28 Mar 2001 22:56:59 +0200

ARP request for 6.240.183.248 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.250 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.251 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.252 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.253 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 6.240.183.254 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0
ARP request for 1.95.202.249 (46 bytes) from xxxxxxxxxxxxxx to ffffffffffff on eth0

I make a ping sweep here for a network that is configured by the ISP.
I do that from a REMOTE network, let's say www.micro-soft.com (just kidding).
Since the ROUTER at the ISP does not know where to find these addresses, it makes an
ARP request.

Now watch 1.95.202.249.

On my box I have 1.95.202.173 as NORMAL address,
so I do
ifconfig eth0:1 1.95.202.249
Now again from www.micro-soft.com I do
ping 1.95.202.249

Then I see
ARP request for 1.95.202.249 (46 bytes) from 00d0xxxxxxxx to ffffffffffff on eth0
My iface replies
ARP reply from 1.95.202.249 (46 bytes) from xxxxxxxxxxxx to xxxxxxxxxxxxxx on eth0

Now I make
route delete 0.0.0.0
route add 0.0.0.0 gw 1.95.202.1

and all traffic coming from there seems to come from 1.95.202.249.

Now I do telnet www.compaq.com 53
hackiti hack, clickiti click
do my stuff
afterwards reboot my PC
all back to normal

Next morning the guy from 1.95.202.249 wakes up next to Jim, just sentenced to
another 10 years for raping his cellmate...

catch my drift?

Patrick Patterson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> I think I see where Patrick was coming from with this:
>
> Victim turns on his computer, and gets an IP address
> Cracker, while sniffing the Cable segment, notices that IP address foo is
> assigned to MAC bar
> Cracker changes his own MAC address to bar, and brings up IP address foo on
> this new MAC address (some Ethernet cards have overwritable MAC addresses)
> Since both Cracker and Victim have the same MAC, Cracker gets all packets
> for Victim's computer, and is able to impersonate victim.
>
> This is just a slightly more sophisticated IP Address Spoofing attack.... and
> I don't think it will work...
>
> From what I know of Cablemodem networks, there are actually several parts.
>
> 1: The cable network - the 'Modem' talks to the Cable Company terminal
> equipment and ensures that you are a valid subscriber.
> 2: The IP Network - the routers keep track of which IP and MAC, is on which
> Cable Modem - thus making this attack unlikely to succeed....
>
> I haven't tested this, and might be horribly wrong, but I don't think so -
> this is one of those things that looks better in theory than in practice - Is
> anyone from @HOME or ATT around to confirm/deny what I've written?
>
> On Wednesday 28 March 2001 09:09, Nick Summy wrote:
> > Now I hardly know anything about this subject, so correct me if I'm wrong,
> > but I have a few questions.
>
> <SNIP>
>
> - --
>
> Patrick Patterson Tel: +1 514 485-0789
> President, Chief Security Architect Fax: +1 514 485-4737
> Carillon Information Security Inc. E-Mail: ppatterson_at_carillonis.com
>
> - ----------------- The New Sound of Network Security -----------------
> << http://www.carillonis.com >>
Received on Mar 29 2001
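
A defender-side check for the situation discussed in this thread, added here as an example and not part of either poster's message: it parses ARP reply lines in the log format shown above and compares each claim against an IP-to-MAC binding table of the kind the quoted reply says the provider's routers keep. The lease table, the MAC addresses and the sample log are constructed, and the function names are hypothetical.

```python
import re

# Reply lines in the format shown in the post (joined onto one line), e.g.
# "ARP reply from 1.95.202.249 (46 bytes) from 00d0aa000001 to 00d0aa0000fe on eth0"
REPLY_RE = re.compile(
    r"ARP reply from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(\d+ bytes\) "
    r"from (?P<mac>[0-9a-fA-F]{12}) to [0-9a-fA-F]{12} on \S+"
)

def parse_replies(log_lines):
    """Yield (ip, mac) for every ARP reply; requests make no ownership claim."""
    for line in log_lines:
        m = REPLY_RE.search(line)
        if m:
            yield m["ip"], m["mac"].lower()

def check_arp_replies(log_lines, leases):
    """Return (ip, claiming_mac, reason) for replies that contradict the leases."""
    findings = []
    for ip, mac in parse_replies(log_lines):
        expected = leases.get(ip)
        if expected is None:
            reason = "no lease exists for this address"
        elif expected.lower() != mac:
            reason = f"leased to {expected.lower()}"
        else:
            continue  # the reply matches the binding table
        if (ip, mac, reason) not in findings:  # report each violation once
            findings.append((ip, mac, reason))
    return findings

def macs_with_multiple_ips(log_lines):
    """Return {mac: sorted IPs} for MACs answering for more than one address."""
    seen = {}
    for ip, mac in parse_replies(log_lines):
        seen.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}

# Constructed binding table and log; MACs are made up for this example.
LEASES = {"1.95.202.173": "00d0aa000001", "1.95.202.249": "00d0aa000002"}
SAMPLE_LOG = [
    "ARP request for 1.95.202.173 (46 bytes) from 00d0aa0000fe to ffffffffffff on eth0",
    "ARP reply from 1.95.202.173 (46 bytes) from 00d0aa000001 to 00d0aa0000fe on eth0",
    "ARP request for 1.95.202.249 (46 bytes) from 00d0aa0000fe to ffffffffffff on eth0",
    "ARP reply from 1.95.202.249 (46 bytes) from 00d0aa000001 to 00d0aa0000fe on eth0",
    "ARP reply from 1.95.202.249 (46 bytes) from 00d0aa000001 to 00d0aa0000fe on eth0",
]

if __name__ == "__main__":
    for finding in check_arp_replies(SAMPLE_LOG, LEASES):
        print("binding violation:", finding)
    print("multi-address MACs:", macs_with_multiple_ips(SAMPLE_LOG))
```

The second function catches the alias case on its own, without a lease table, since one MAC answering for two addresses on a subscriber segment is already worth a look.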
