From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Thu Oct 25 2007 - 13:35:10 EDT
On Thursday 25 October 2007 at 10:44 +0300, Nikolaj wrote:
> Well you could poison one's cache but without you having an ip address
> it will be pointless. [...] and the kernel will most likely discard
> it). I think this is what will happen.
Not necessarily.
You can sniff traffic and send it back to userland applications using a
mechanism such as tuntap. On Linux, you can use ebtables framework to
route traffic back to IP stack, then Netfilter to another local IP
address.
You just have to send it somewhere you have an IP address, but it does
not have to be on the link you're sending your ARP cache poisoning on.
--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:11 EDT
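For defenders, the point made in this message means a poisoning host may never show an IP address of its own on the segment, so detection has to key on the MAC address rather than on finding the sender's IP. The following is an added example, not part of the original post: a small detector run over constructed ARP replies, where the trust-on-first-use baseline, the tuple layout and all addresses are assumptions.

```python
from collections import defaultdict

# Constructed ARP replies (time, sender MAC, sender IP claimed); not a real capture.
SAMPLE_REPLIES = [
    (1, "00:11:22:33:44:01", "192.0.2.1"),   # gateway
    (2, "00:11:22:33:44:10", "192.0.2.10"),  # workstation
    (3, "00:11:22:33:44:11", "192.0.2.11"),  # workstation
    (4, "de:ad:be:ef:00:99", "192.0.2.1"),   # new MAC claims the gateway IP
    (5, "de:ad:be:ef:00:99", "192.0.2.10"),  # same MAC also claims a workstation IP
    (6, "00:11:22:33:44:01", "192.0.2.1"),   # real gateway still answers
]


def find_arp_conflicts(replies):
    """Return one alert per reply whose MAC differs from the IP's first-seen MAC."""
    first_owner = {}            # ip -> first MAC seen (trust on first use: an assumption)
    claims = defaultdict(set)   # mac -> every IP that MAC has claimed
    alerts = []
    for ts, mac, ip in replies:
        claims[mac].add(ip)
        owner = first_owner.setdefault(ip, mac)
        if owner != mac:
            alerts.append({"time": ts, "ip": ip,
                           "expected_mac": owner, "claiming_mac": mac})
    # Record which IPs, if any, the claiming MAC holds without conflict.
    # An empty list matches a host with no address of its own on this link.
    for alert in alerts:
        mac = alert["claiming_mac"]
        alert["own_ips"] = sorted(ip for ip in claims[mac] if first_owner[ip] == mac)
    return alerts


def suspect_macs(alerts):
    """Group alerts by claiming MAC: the IPs it contested and the IPs it owns."""
    suspects = {}
    for alert in alerts:
        entry = suspects.setdefault(alert["claiming_mac"],
                                    {"spoofed": set(), "own_ips": alert["own_ips"]})
        entry["spoofed"].add(alert["ip"])
    return suspects


if __name__ == "__main__":
    for mac, info in suspect_macs(find_arp_conflicts(SAMPLE_REPLIES)).items():
        print(mac, "contests", sorted(info["spoofed"]), "own IPs:", info["own_ips"])
```

A first-seen baseline is only as good as the moment it was learned; seeding it from static DHCP or switch port records is the usual way to harden it.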