Bugtraq mailing list archives
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Wed, 10 May 2006 20:25:36 +0200 (CEST)
On Tue, 9 May 2006 king_purba () yahoo co uk wrote:
We know that a TCP connection will close by sending the RST flag. I try to connect to my OpenSSH server on Slackware 10 from my computer running Fedora Core 4. Then, using an OpenBSD 3.7 machine that was on the same network as Slackware and Fedora, I try to overwrite the ARP cache on my Fedora Core 4. After the ARP cache has been overwritten, all packets from Fedora Core 4 to Slackware 10 are ignored. Maybe this problem is not only in SSH but in other TCP protocols.
This is an issue with IP in general. Anyone who can spoof ARP entries in a network can pretty much do anything they want on your LAN. If there is a flaw then it is a flaw in your switch not protecting you from such an ARP spoofing issue. There are tools to detect it at host level and warn you about it.

Further recommended reading:
http://www.codeproject.com/internet/winarpspoof.asp
http://www.l0t3k.org/security/docs/arp/

And I'm sure there must be a load of other documents out there. These were picked after a 5 second search with Google.

I'm a bit puzzled why this message was in fact released on Bugtraq as it adds nothing new to the ARP spoofing story.

Hugo.

--
I hate duplicates. Just reply to the relevant mailing list.
hvdkooij () vanderkooij org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians, for they are subtle and quick to anger.
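The host-level detection mentioned in the reply above, sketched as an added example that is not part of the original message or of any tool it links to. It compares two snapshots in the Linux `/proc/net/arp` format; the snapshots, addresses and function names are constructed for illustration.

```python
# Constructed snapshots in Linux /proc/net/arp format (addresses are made up).
BEFORE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         02:00:00:00:00:10     *        eth0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        eth0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        eth0
"""
AFTER = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         02:00:00:00:00:20     *        eth0
192.168.1.20     0x1         0x2         02:00:00:00:00:20     *        eth0
"""

ATF_COM = 0x02  # "completed entry" flag from the kernel's if_arp.h


def parse_arp_table(text):
    """Return {(device, ip): mac} for completed entries only."""
    entries = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                            # malformed or empty line
        ip, _hw_type, flags, mac, _mask, dev = fields
        if not int(flags, 16) & ATF_COM:
            continue                            # unresolved entry, no MAC yet
        entries[(dev, ip)] = mac.lower()
    return entries


def compare(old, new):
    """Flag IPs whose MAC changed and MACs that now answer for several IPs."""
    alerts = []
    for key, mac in sorted(new.items()):
        if key in old and old[key] != mac:
            alerts.append(("mac_changed", key[1], old[key], mac))
    by_mac = {}
    for (dev, ip), mac in new.items():
        by_mac.setdefault((dev, mac), []).append(ip)
    for (_dev, mac), ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(("mac_shared", mac, tuple(sorted(ips))))
    return alerts


if __name__ == "__main__":
    for alert in compare(parse_arp_table(BEFORE), parse_arp_table(AFTER)):
        print(alert)
```

Either alert can also have a benign cause, such as a replaced network card, a failover pair or a router holding several addresses, so a known-good list of IP-to-MAC bindings is needed to tell the cases apart.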