VNCrack (just so you know it exists)
Illtud Daniel
illtud.daniel "at" llgc.org.uk
Fri, 16 Jun 2000 10:35:01 +0000
Seth Cohn wrote:
> Wrong. Dsniff (http://naughty.monkey.org/~dugsong/dsniff) and related
> tools (arpredirect in particular) WILL allow you to sniff past a switch.
>
> Basically, you send a forged arp packet, and change the gateway. All
> traffic flows from the target to your new gateway, and then is forwarded
> on, as if nothing happened. It's ugly. (Security Watch, Infoworld, May 29
> 2000 article)
Most switches should have a 'security' option to lock MAC addresses
to ports which would stop this, unless it forges an ARP packet to
give a different IP/MAC pair, but that should set your monitoring
processes (you *do* run ARPwatch or similar, don't you?) screaming.
Of course, most people aren't netadmins. Hit yours with a cluestick
if you can get dsniff to work on your network (make sure you've
got right to do so first...)
--
Illtud Daniel illtud.daniel "at" llgc.org.uk
Uwch Ddadansoddwr Systemau Senior Systems Analyst
Llyfrgell Genedlaethol Cymru National Library of Wales
Yn siarad drosof fy hun, nid LlGC - Speaking personally, not for NLW
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------