Re: Spoofed IP address[Scanned]

From: Davie Elliott - Eluse (delliott@eluse.co.uk)
Date: Sat Sep 23 2006 - 14:22:59 EDT


If I remember correctly, the attacker doesn't use the same IP address... it
sends a forged ARP packet to the server to change the MAC address entry in
the server's ARP table to point to the attacker's IP.

I think the solution to this is to set up a broadcast listener... a machine
that listens to transmissions over the broadcast IP, such as ARP requests.
The broadcast listener should listen out for MAC and IP spoofing.

----- Original Message -----
From: "xun dong" <xundong@cs.york.ac.uk>
To: <pen-test@securityfocus.com>
Sent: Friday, September 22, 2006 4:54 PM
Subject: Spoofed IP address[Scanned]

> Thanks to everyone who read and answered my question.
>
> Given a scenario as below:
>
> When someone wants to launch a man-in-the-middle attack on the
> communication between the client and server, in order to make it more
> transparent (hard to discover), can the attacker pretend to have the same
> IP address as the server (when handling the communication with the client
> end) while pretending to have the same IP address as the client (when
> handling the communication with the server end)? If it is possible, can you
> tell me your solutions?
>
> This is not used to generate real attacks; it is just a concern I came
> across when designing a communication system.
>
> Thanks a lot.
>
> Xun Dong
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
>
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>
>
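
An added example, not part of the original message: one way the broadcast listener described in the reply could check ARP traffic, by parsing each ARP frame and flagging a sender IP that contradicts an earlier IP-to-MAC binding. The names `parse_arp`, `ArpWatcher` and `build_arp` are hypothetical, and the frames are constructed in memory with documentation-range addresses instead of being captured from a network.

```python
import struct
from ipaddress import IPv4Address

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, eth_src) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":      # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28].hex(":"), str(IPv4Address(frame[28:32])), frame[6:12].hex(":")

class ArpWatcher:
    """Keeps first-seen (or statically pinned) IP->MAC bindings and flags contradictions."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})

    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        sha, spa, eth_src = parsed
        alerts = []
        if sha != eth_src:                                   # outer and inner sender should agree
            alerts.append(f"MAC mismatch: Ethernet source {eth_src}, ARP sender {sha}")
        known = self.bindings.get(spa)
        if known is None:
            if spa != "0.0.0.0":                             # ARP probes carry no sender IP
                self.bindings[spa] = sha
        elif known != sha:                                   # keep the old binding, keep alerting
            alerts.append(f"IP {spa} bound to {known} but now claimed by {sha}")
        return alerts

def build_arp(op, sha, spa, tha, tpa, eth_src=None):
    """Constructed sample input: builds a broadcast ARP frame as bytes (nothing is sent)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return (mac("ff:ff:ff:ff:ff:ff") + mac(eth_src or sha)
            + struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, op)
            + mac(sha) + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed)

def demo():
    w = ArpWatcher()
    server, other = "00:00:5e:00:53:01", "00:00:5e:00:53:99"   # documentation-range MACs
    frames = [build_arp(1, server, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.20"),
              build_arp(2, other, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.20")]
    return [w.observe(f) for f in frames]

if __name__ == "__main__":
    for alerts in demo():
        print(alerts or "ok")
```

On a switched network a passive listener receives broadcast ARP but not unicast replies sent to other hosts, so full coverage needs a mirror port or per-host monitoring. Legitimate changes such as a replaced network card or a failover address also trigger the binding alert and need an allow-list or manual review.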

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:59 EDT