Firewall Wizards mailing list archives

Re: dirty packet tricks?


From: Ryan Russell <ryan () securityfocus com>
Date: Thu, 11 Jul 2002 15:01:04 -0600 (MDT)

On 11 Jul 2002, Stephen D. B. Wolthusen wrote:

> ... phrased like that it is starting to sound a lot like a souped-up switch
> (OK, multiport bridge). Sane switches treat multiple ARP responses (MAC
> addresses) as fault conditions and isolate the port the offending frames
> came from, so this probably won't go very far in most modern networks.

I wasn't talking about full-on ARP spoofing (can't speak for anyone else.)
That would be bad because you'd end up stealing some of the traffic that
was supposed to go to the local router. I was talking about pulling a copy
of the frame off the wire, changing the destination MAC in memory, and
resending it to yourself, not the wire (though it shouldn't hurt anything to
go on the wire, either.)

                                        Ryan
