Security Basics mailing list archives
Fwd: Netmeeting sniffing
From: Thomas Kane <takane2 () gmail com>
Date: Wed, 25 Mar 2009 11:01:23 -0400
---------- Forwarded message ---------- From: Thomas Kane <takane2 () gmail com> Date: Wed, Mar 25, 2009 at 11:00 AM Subject: Re: Netmeeting sniffing To: Chip Panarchy <forumanarchy () gmail com> I said physical layer because I'm using a hub to get the packers not ARP poisoning or something like that. The netmeeting certificates have a public and private key which I can extract with openSSL but it dons't seem to be SSL when I look at it via wireshark. When I set wireshark to decode said packets as SSL, there is no 'Hello' packet. I'm going to see if any of the netmeeting connection packets have the key exchange in them. On Wed, Mar 25, 2009 at 4:11 AM, Chip Panarchy <forumanarchy () gmail com> wrote:
To a Physical Layer attack? Well the same as anything else I suppose... for Ethernet. Are you sure you meant Physical? What level of encryption, 256-bit? AES or Camellia? On Sun, Mar 22, 2009 at 12:14 PM, Thomas Kane <takane2 () gmail com> wrote:So I'm wondering about the vulnerabilities of netmeeting remote desktop to a physical layer attack. I have a test set up at my home, I have one laptop connected to my westell dsl modem/router/switch via wifi. then I connected my desktop via ethernet. My idea for the attack was inserting a hub in there and grabbing the packets with another laptop in promiscuous mode. In addition I have grabbed the netmeeting certificates from the two computers involved. So I have the certs(one of which had a private key, the other claimed it didn't have one). I got the packets. I typed somethings because my main focus is retrieving typed passwords from the wire. So now how would I go about decrpyting the packets and what format are keystrokes in? I'd appreciate any help I could get! ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Learn all of the latest penetration testing techniques in InfoSec Institute's Ethical Hacking class. Totally hands-on course with evening Capture The Flag (CTF) exercises, Certified Ethical Hacker and Certified Penetration Tester exams, taught by an expert with years of real pen testing experience. http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------
Current thread:
- Netmeeting sniffing Thomas Kane (Mar 24)
- Re: Netmeeting sniffing kalgecin () gmail com (Mar 25)
- Message not available
- Message not available
- Fwd: Netmeeting sniffing Thomas Kane (Mar 25)
- Message not available