Penetration Testing mailing list archives

RE: arpspoofing

From: Darrin.Wassom () spectrum-health org
Date: Mon, 11 Feb 2002 14:14:09 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not sure if this has been covered but a network tap could also be
installed between the inbound or outbound traffic and the switch.
They are relatively inexpensive, reliable and a breeze to install.
Check out Finisar Systems or Netoptics for models and pricing..

Darrin Wassom - Sr. Systems Security Engineer
Information Security Compliance Team
Spectrum Health I&TM
phone: 616.391.9031 - fax: 616.391.3496
darrin.wassom () spectrum-health org

- -----Original Message-----
From: Lee Brotherston [mailto:lee.brotherston () uk easynet net]
Sent: Friday, February 08, 2002 12:34 PM
To: 'Erlend J. Leiknes'; pen-test () securityfocus com
Subject: RE: arpspoofing



| Any other ways to sniff in a switched enviorment?

There are a couple of other ways to sniff traffic on a switched
network
assuming you have physical access to network:

- - Alot of switches these days have the option of configuring a mirror
port.
This port get's duplicates of traffics from all other ports.  So you
can see
everything.  This port does get the aggregate of the others remember,
so it
will be high bandwidth.

- - You could place a machine on the networks' uplink running in
bridging
mode.  Doing this you will only see traffic that is going over the
uplink
however, as local traffic will be sent via the switch only, and will
not
touch the uplink.  And you have the downside of causing an outage
when you
install/remove the machine.

Thanks

  Lee

- -- 
Lee Brotherston  -  IP Security Manager, Easynet Ltd
http://www.easynet.net/         Phone: +44 20 7900 4444

- ----------------------------------------------------------------------
- ------
This list is provided by the SecurityFocus Security Intelligence
Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities
please see:
https://alerts.securityfocus.com/

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPGgXy24N+bXOHao1EQK33ACgwz4oHWysgLbGZ1N6ffwgkf2SwA0AoKi/
hc5FQNwMGZL9JZNDZH+t2KZB
=xpat
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

arpspoofing Erlend J. Leiknes (Feb 05)
- <Possible follow-ups>
- Re: arpspoofing gattaca (Feb 05)
- RE: arpspoofing Lee Brotherston (Feb 11)
- RE: arpspoofing Darrin . Wassom (Feb 11)