Penetration Testing mailing list archives
Re: Layer 2 arp snooping without Layer 3?
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 25 Oct 2007 19:35:10 +0200
On Thursday 25 October 2007 at 10:44 +0300, Nikolaj wrote:
> Well you could poison one's cache but without you having an ip address it will be pointless. [...] and the kernel will most likely discard it). I think this is what will happen.
Not necessarily. You can sniff traffic and send it back to userland applications using a mechanism such as tuntap. On Linux, you can use the ebtables framework to route traffic back to the IP stack, then Netfilter to another local IP address. You just have to send it somewhere you have an IP address, but it does not have to be on the link you're sending your ARP cache poisoning.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
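
Since the poisoning host needs no IP address on the segment, detection has to key on ARP bindings and MAC addresses rather than on a source IP. The following is an added example, not part of the original post: a passive check that flags ARP frames rebinding an IP to a different MAC and notes whether the claimant owns any IP itself. All frames, MACs and addresses are constructed, and trusting the first-seen binding is an assumption of this sketch.

```python
import socket
import struct

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def build_arp(op, sha, spa, tha, tpa):
    """Constructed test input: Ethernet II + ARP frame (op 1=request, 2=reply)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = m(tha if op == 2 else "ff:ff:ff:ff:ff:ff") + m(sha) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + m(sha) + socket.inet_aton(spa) + m(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(frame[22:28]), socket.inet_ntoa(frame[28:32])

def find_rebinds(frames):
    """Flag ARP frames that claim an IP already bound to a different MAC."""
    owner = {}   # ip -> first MAC seen claiming it (assumption: first seen is trusted)
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":   # skip non-ARP and ARP probes
            continue
        _, sha, spa = parsed
        first = owner.setdefault(spa, sha)
        if first != sha:
            # claimant_owns_ip is False when the MAC holds no binding of its own,
            # which is the "no layer 3 address on this link" case from the thread.
            alerts.append({"ip": spa, "expected_mac": first, "claimed_mac": sha,
                           "claimant_owns_ip": sha in owner.values()})
    return alerts

# Constructed sample: a host, a gateway, and a MAC that never announces an IP of its own.
GW, HOST, ROGUE = "00:11:22:33:44:01", "00:11:22:33:44:02", "02:de:ad:be:ef:99"
SAMPLE = [
    build_arp(1, HOST, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, GW, "192.0.2.1", HOST, "192.0.2.10"),
    build_arp(2, ROGUE, "192.0.2.1", HOST, "192.0.2.10"),   # conflicting claim for the gateway IP
    build_arp(2, ROGUE, "192.0.2.10", GW, "192.0.2.1"),     # conflicting claim for the host IP
]

if __name__ == "__main__":
    print(find_rebinds(SAMPLE))
```

An alert with `claimant_owns_ip` set to false means there is no IP to trace the claimant by, so the follow-up is a lookup of the MAC in the switch forwarding table to find the port.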