From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Sun Dec 04 2005 - 14:55:45 EST
Le dimanche 04 décembre 2005 à 11:43 -0800, Thor (Hammer of God) a
écrit :
> Right--- agreed on all points-- I should have reworded "in the first place"
> using L2 and L3 distinction as you did. I was just pointing out that the
> solution all depends on what device we're working with and what the end to
> the mean is. Kind of hard to do when all the OP gives us is "I want to Ping
> a MAC address ;)
True.
> Oh, and the units are pretty cool- those old Axis cameras. There was an
> access point that allowed you to do the same thing (config with arbitrary IP
> via ARP) but I don't have it anymore. I'll try it on some of my LinkSys and
> NetGear boxes and see if they let me do that as well. Ya never know unless
> you try ;)
Definitly.
BTW, Axis cameras (especially older ones) are a lot of fun to play with
from an attacker point of vue. And I could see this kind of behaviour
with some embedded devices that do not implement a real IP stack. They
just grab frames and just the bits they need in payload. And they often
consider destination IP not to be checked. As far as they've received
the frame, it should have the correct destination ;)
Playing IP options with them can be fun too.
-- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread! ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:14 EDT