I read up on it. It appears to have been developed for beneficial purposes 
but is also a hacker tool. The written material says it's a set of tools, 
actually. The relevant one uses ARP, not ICMP. (There was no mention of ICMP 
being used.) It sends an ARP reply for the IP address of the default 
gateway. Actually it can send an ARP reply for anything. There's no need to 
be multihomed, but IP forwarding must be enabled or you'll get caught, as 
you say, (plus you wouldn't see anything because the target would lose its 
connections).

Priscilla

At 07:43 PM 1/2/02, Steven A. Ridder wrote:
>Dsniff uses icmp default gateway redirects (the ICMP message that tells
>hosts that a different router has a better path to the destination network).
>This will automatically make the user's PC redirect all traffic to your PC
>dynamically (the client never knows about it), because he thinks you are a
>router and that you'd be a better default gateway.  You just have to have a
>multihomed PC because you still need to forward the traffic to the
>destination, otherwise you'll get caught.
>
>It's a pretty good hacking tool and has been ported from *nix to Windows for
>years.  Makes switches just like hubs again.  Use this with L0phtCrack and
>you can get NT PW's, etc..
>
>
>"Priscilla Oppenheimer" wrote in message
>news:[EMAIL PROTECTED]...
> > At 06:42 PM 1/2/02, Steven A. Ridder wrote:
> > >As everyone else has said, this is normal for a shared access network. Look
> > >for routing protocol updates and other things as well. On ATT's
> > >cable-modem network you can see the ospf hello updates, who the DR and BDR
> > >is and other things.
> >
> > Yep, that's true.
> >
> > So now we have synergy between this thread and the Passive Interface
> > thread! I like that! ;-)
> >
> > Making the cable interface a passive interface seems like a good idea for
> > many reasons, including security and not just bandwidth usage. (The
> > bandwidth used by Hellos has gotta be pretty minimal!)
> >
> > >It can be fun.
> >
> > A lot of people report seeing other broadcasts too, including NetBIOS,
> > AppleTalk, etc. It's kind of scary.
> >
> > >Try dsniff or some other program and
> > >you can see all the traffic on that network  :)  Be careful though because
> > >you will probably get slammed and don't forget to reroute the traffic back
> > >out or else someone will know something is wrong.
> >
> > What's dsniff? What does that let you see? And what's this about having to
> > reroute? Can you tell us more? THANKS
> >
> > Priscilla
> >
> >
> >
> >
> > >"Phil Barker" wrote in message
> > >news:[EMAIL PROTECTED]...
> > > > Hi Group,
> > > >      I have been sniffing my broadband connection to
> > > > my ISP today and have a few questions.
> > > >
> > > >      My main gripe is that I'm being sent around 100
> > > > Arp requests per minute, which obviously I cannot
> > > > resolve. These ARP requests are all originating from
> > > > my default G/W at the ISP trying to resolve MAC
> > > > addresses of various users. Can anyone confirm if this
> > > > is usual or unusual. I cannot see this being correct
> > > > since if I set my router up to be one of these IP
> > > > addresses I can resolve it to my MAC address Eth 0
> > > > int' or any other mac-address for that matter.
> > > >
> > > >      They also send me DHCP requests, IGMP requests
> > > > for group 224.0.0.1 (Which I wish I could join) but
> > > > cannot and lots of their private address information
> > > > via the above mentioned ARP's.
> > > >
> > > >      I also captured an attempt at an inbound TCP
> > > > connection on a dynamic port which my router RST,
> > > > thankfully.
> > > >
> > > >      Are they wasting my B/W ?
> > > >
> > > > Thanx,
> > > >
> > > > Phil
> > ________________________
> >
> > Priscilla Oppenheimer
> > http://www.priscilla.com
________________________

Priscilla Oppenheimer
http://www.priscilla.com
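
The ARP behaviour described in the reply above (an ARP reply sent for the default gateway's IP address), seen from the monitoring side. This is an added example, not part of the original thread and not dsniff code; the class and function names, the 192.0.2.0/24 addresses and the MAC addresses are all constructed for illustration. It flags ARP replies that nobody asked for and replies that change an already-seen IP-to-MAC binding, with a stronger tag when the IP is the gateway.

```python
import struct
from ipaddress import IPv4Address

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(payload):
    """Decode a 28-byte Ethernet/IPv4 ARP payload (RFC 826 layout)."""
    if len(payload) < 28 or struct.unpack("!HHBB", payload[:6]) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    op, sha, spa, _tha, tpa = struct.unpack("!H6s4s6s4s", payload[6:28])
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpWatch:
    """Tracks IP-to-MAC bindings and outstanding requests seen on a segment."""
    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.bindings = {}    # ip -> first MAC seen claiming it
        self.pending = set()  # (asker_ip, asked_ip) requests not yet answered

    def observe(self, payload):
        op, mac, spa, tpa = parse_arp(payload)
        alerts = []
        if op == ARP_REQUEST:
            self.pending.add((spa, tpa))
        elif op == ARP_REPLY:
            if (tpa, spa) not in self.pending:
                alerts.append(f"unsolicited reply for {spa} from {mac}")
            self.pending.discard((tpa, spa))
        if spa != "0.0.0.0":  # ARP probes carry no sender binding
            known = self.bindings.setdefault(spa, mac)
            if known != mac:
                tag = "GATEWAY " if spa == self.gateway_ip else ""
                alerts.append(f"{tag}binding change {spa}: {known} -> {mac}")
        return alerts

def make_arp(op, sha, spa, tha, tpa):
    """Build a constructed sample payload in memory for the demo below."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + raw(sha)
            + IPv4Address(spa).packed + raw(tha) + IPv4Address(tpa).packed)

def demo():
    # Constructed sample traffic: a normal request/reply, then a second reply
    # claiming the gateway IP from a different MAC.
    gw, host, other = "02:00:00:00:00:01", "02:00:00:00:00:10", "02:00:00:00:00:66"
    frames = [make_arp(ARP_REQUEST, host, "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
              make_arp(ARP_REPLY, gw, "192.0.2.1", host, "192.0.2.10"),
              make_arp(ARP_REPLY, other, "192.0.2.1", host, "192.0.2.10")]
    watch = ArpWatch("192.0.2.1")
    return [watch.observe(f) for f in frames]
```

The first-seen binding is trusted here, so in practice the gateway's MAC would be seeded from a known-good source rather than learned from the wire.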




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30743&t=30689