Re[2]: [hlds_linux] Reporting Server Hackers
MS> I'm still waiting for you to sniff a password from my clear-text
MS> POP3 server. You don't have to tell us how and release this
MS> exploit, just prove that it works by doing something useful.

Just to back Britt up a bit: I've just read some documentation about ARP hacking techniques and I understand that it's possible to redirect and sniff a TCP connection from a client to the server but the IP of the client has to be known.

--
Best regards,
Jan <[EMAIL PROTECTED]>

___
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux

Re: [hlds_linux] Reporting Server Hackers
Britt Priddy (PZGN) wrote:
>
> Yeah - like I said - "I have no idea what I'm talking about"
> What's even more frightening is that I passed the CCIE exam with flying
> colors - but I cheated right? :P

Finally you admitted that.

RE: [hlds_linux] Reporting Server Hackers
IF what you're talking about was even remotely possible, every website on Earth would have been hacked already, email passwords would be useless, and in fact considered a security risk, and anything unencrypted would be sniffed out by every script kiddy on the net.

-
Tyler "[TASF]Overkill" Schwend
"Semper facere bonum, an a amare odium, vita mors."
---
Server operator of [LCGA]Telefragged: Counter-Strike:
telefragged.lynchburg.edu:27015
http://schwend-t.web.lynchburg.edu
http://gamephilez.us

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Britt Priddy (PZGN)
> Sent: Wednesday, July 23, 2003 4:38 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [hlds_linux] Reporting Server Hackers
>
> Yeah - like I said - "I have no idea what I'm talking about"
> What's even more frightening is that I passed the CCIE exam with flying
> colors - but I cheated right? :P
> LOL - I'm outta this discussion - it's only going to lead to more wanna
> be hackers on the net.
>
> Enjoy!
>
> __
> Britt Priddy, CCIE
> IP Data Engineer / Hostmaster
> Power Zones Gaming Network
> Cyberbasin Internet Services
> 432.620.0051 ext. 106
> 432.688.0193 fax
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mad Scientist
> Sent: Wednesday, July 23, 2003 3:32 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [hlds_linux] Reporting Server Hackers
>
> According to the great words of PZGN:
> > That's ok - I know it's a Cisco MAC Address - but I have to stop here
> > - I'm not going to be the guy that spills out the fire on how things
> > are done behind the scenes. We can leave it at, "I have no idea what
> > I'm talking about" - or "I'm wrong and a wanna be :P" - just for sakes
> > argument. So - back to hlds.
>
> Again, I'm not asking for you to "spill out the fire". You don't have to
> explain to me how it works. Just prove to me that it does. You haven't
> shown anything to support your claims other than the fact that you can
> sniff your own LAN.
>
> > IP Data Engineer / Hostmaster
>
> Frightening thought that somebody who doesn't understand Internet
> routing could have that title.
>
> -Mad
>
> --
> "A proof is a proof. What kind of a proof? It's a proof. A proof is a
> proof. And when you have a good proof, it's because it's proven."
>
> Prime Minister Jean Chrétien

Re: [hlds_linux] Reporting Server Hackers
Kevin J. Anderson wrote:
> I can't believe you guys are STILL talking about this...

Hey, this is one of the best and most productive discussions since months :)

SCNR
Frank

RE: [hlds_linux] Reporting Server Hackers
Yeah - like I said - "I have no idea what I'm talking about"
What's even more frightening is that I passed the CCIE exam with flying colors - but I cheated right? :P
LOL - I'm outta this discussion - it's only going to lead to more wanna be hackers on the net.

Enjoy!

__
Britt Priddy, CCIE
IP Data Engineer / Hostmaster
Power Zones Gaming Network
Cyberbasin Internet Services
432.620.0051 ext. 106
432.688.0193 fax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mad Scientist
Sent: Wednesday, July 23, 2003 3:32 PM
To: [EMAIL PROTECTED]
Subject: RE: [hlds_linux] Reporting Server Hackers

According to the great words of PZGN:
> That's ok - I know it's a Cisco MAC Address - but I have to stop here
> - I'm not going to be the guy that spills out the fire on how things
> are done behind the scenes. We can leave it at, "I have no idea what
> I'm talking about" - or "I'm wrong and a wanna be :P" - just for sakes
> argument. So - back to hlds.

Again, I'm not asking for you to "spill out the fire". You don't have to explain to me how it works. Just prove to me that it does. You haven't shown anything to support your claims other than the fact that you can sniff your own LAN.

> IP Data Engineer / Hostmaster

Frightening thought that somebody who doesn't understand Internet routing could have that title.

-Mad

--
"A proof is a proof. What kind of a proof? It's a proof. A proof is a proof. And when you have a good proof, it's because it's proven."

Prime Minister Jean Chrétien

RE: [hlds_linux] Reporting Server Hackers
I can't believe you guys are STILL talking about this...

->-Original Message-
->From: [EMAIL PROTECTED]
->[mailto:[EMAIL PROTECTED] Behalf Of Frank Stollar
->Sent: Wednesday, July 23, 2003 4:33 PM
->To: [EMAIL PROTECTED]
->Subject: Re: [hlds_linux] Reporting Server Hackers
->
->
->Florian Zschocke wrote:
->> "Britt Priddy (PZGN)" wrote:
->>
->>>LOL Florian - that is where I sit. (the spoofed packet):P
->>
->>
->> LOL Britt - I'm not sure what you are trying to tell me. :) That MAC
->> address is a Cisco MAC address and I am 95% sure that Frank doesn't have
->> a NIC with a Cisco MAC address. So I guess I still didn't quite
->> understand your method there, really.
->
->Oh, I can give you 100% :)
->For those not knowing what we talk about, the first 3 hex digits are
->dedicated to certain manufacturer.
->
->Here you can take a look:
->http://standards.ieee.org/regauth/oui/index.shtml
->
->Searching for cisco gave you besides many other entries this:
->
->00-09-B7 (hex)      Cisco Systems
->0009B7 (base 16)    Cisco Systems
->                    80 West Tasman Dr.
->                    SJ-M/1
->                    San Jose CA 94134
->                    UNITED STATES
->
->Looking at the MAC Brit is providing 00:09:b7:27:84:a0 we can easily see
->that is the MAC of a CISCO product.
->
->Looking at the MAC of my NIC 00:00:CB:56:56:CC will reveal:
->
->00-00-CB (hex)      COMPU-SHACK ELECTRONIC GMBH
->CB (base 16)        COMPU-SHACK ELECTRONIC GMBH
->                    RINGSTR. 56 - 58, 5450 NEUWIED
->                    WEST GERMANY
->
->This is correct, at they build this TULIP card build in.
->
->cheers
->Frank

Re: [hlds_linux] Reporting Server Hackers
Florian Zschocke wrote:
> "Britt Priddy (PZGN)" wrote:
>
> > LOL Florian - that is where I sit. (the spoofed packet):P
>
> LOL Britt - I'm not sure what you are trying to tell me. :) That MAC
> address is a Cisco MAC address and I am 95% sure that Frank doesn't have
> a NIC with a Cisco MAC address. So I guess I still didn't quite
> understand your method there, really.

Oh, I can give you 100% :)
For those not knowing what we talk about, the first 3 hex digits are dedicated to certain manufacturer.

Here you can take a look:
http://standards.ieee.org/regauth/oui/index.shtml

Searching for cisco gave you besides many other entries this:

00-09-B7 (hex)      Cisco Systems
0009B7 (base 16)    Cisco Systems
                    80 West Tasman Dr.
                    SJ-M/1
                    San Jose CA 94134
                    UNITED STATES

Looking at the MAC Brit is providing 00:09:b7:27:84:a0 we can easily see that is the MAC of a CISCO product.

Looking at the MAC of my NIC 00:00:CB:56:56:CC will reveal:

00-00-CB (hex)      COMPU-SHACK ELECTRONIC GMBH
CB (base 16)        COMPU-SHACK ELECTRONIC GMBH
                    RINGSTR. 56 - 58, 5450 NEUWIED
                    WEST GERMANY

This is correct, at they build this TULIP card build in.

cheers
Frank

RE: [hlds_linux] Reporting Server Hackers
According to the great words of PZGN:
> That's ok - I know it's a Cisco MAC Address - but I have to stop here -
> I'm not going to be the guy that spills out the fire on how things are
> done behind the scenes. We can leave it at, "I have no idea what I'm
> talking about" - or "I'm wrong and a wanna be :P" - just for sakes
> argument. So - back to hlds.

Again, I'm not asking for you to "spill out the fire". You don't have to explain to me how it works. Just prove to me that it does. You haven't shown anything to support your claims other than the fact that you can sniff your own LAN.

> IP Data Engineer / Hostmaster

Frightening thought that somebody who doesn't understand Internet routing could have that title.

-Mad

--
"A proof is a proof. What kind of a proof? It's a proof. A proof is a proof. And when you have a good proof, it's because it's proven."

Prime Minister Jean Chrétien

Re: [hlds_linux] Reporting Server Hackers
According to the great words of Florian Zschocke:
> Well, then excuse me for being a nitpicker but since this subject is
> infested with too much half-truths and incomplete facts, I thought it
> was worth pointing out that this statement wasn't a bit unprecise. :) No
> offence.

Since we're maximizing precision, I believe you meant "imprecise" not "unprecise" :P

-Mad

--
"A proof is a proof. What kind of a proof? It's a proof. A proof is a proof. And when you have a good proof, it's because it's proven."

Prime Minister Jean Chrétien

RE: [hlds_linux] Reporting Server Hackers
That's ok - I know it's a Cisco MAC Address - but I have to stop here - I'm not going to be the guy that spills out the fire on how things are done behind the scenes. We can leave it at, "I have no idea what I'm talking about" - or "I'm wrong and a wanna be :P" - just for sakes argument. So - back to hlds.

__
Britt Priddy, CCIE
IP Data Engineer / Hostmaster
Power Zones Gaming Network
Cyberbasin Internet Services
432.620.0051 ext. 106
432.688.0193 fax

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florian Zschocke
Sent: Wednesday, July 23, 2003 3:13 PM
To: [EMAIL PROTECTED]
Subject: Re: [hlds_linux] Reporting Server Hackers

"Britt Priddy (PZGN)" wrote:
>
> LOL Florian - that is where I sit. (the spoofed packet):P

LOL Britt - I'm not sure what you are trying to tell me. :) That MAC address is a Cisco MAC address and I am 95% sure that Frank doesn't have a NIC with a Cisco MAC address. So I guess I still didn't quite understand your method there, really.

Florian.

RE: [hlds_linux] Reporting Server Hackers
According to the great words of PZGN:
> Ok - to clear the confusion - this is done by spoofing and placing
> yourself on that local segment - and you can obtain any MAC address you
> are able to connect to - note I pulled the MAC of the IP of the guy that
> asked me to look at it - this was done by sitting on his network with a
> spoofed packet to his game server and did an ARP Request.

But you didn't get his MAC address. He showed that in an earlier post. From what I have seen, it appears that you got the address of your default gateway and then sniffed your own network. That's really handy...

I'm still waiting for you to sniff a password from my clear-text POP3 server. You don't have to tell us how and release this exploit, just prove that it works by doing something useful.

-Mad

--
"A proof is a proof. What kind of a proof? It's a proof. A proof is a proof. And when you have a good proof, it's because it's proven."

Prime Minister Jean Chrétien

Re: [hlds_linux] Reporting Server Hackers
"Britt Priddy (PZGN)" wrote:
>
> LOL Florian - that is where I sit. (the spoofed packet):P

LOL Britt - I'm not sure what you are trying to tell me. :) That MAC address is a Cisco MAC address and I am 95% sure that Frank doesn't have a NIC with a Cisco MAC address. So I guess I still didn't quite understand your method there, really.

Florian.

Re: [hlds_linux] Reporting Server Hackers
Frank Stollar wrote:
>
> Sorry for the simple misunderstanding as I only talked about 'ethernet
> ARP' as we are talking about MAC addresses.

Well, then excuse me for being a nitpicker but since this subject is infested with too much half-truths and incomplete facts, I thought it was worth pointing out that this statement wasn't a bit unprecise. :) No offence.

Florian

Re: [hlds_linux] Reporting Server Hackers
Britt Priddy (PZGN) wrote:
> Ok - to clear the confusion - this is done by spoofing and placing
> yourself on that local segment - and you can obtain any MAC address you
> are able to connect to - note I pulled the MAC of the IP of the guy that
> asked me to look at it - this was done by sitting on his network with a
> spoofed packet to his game server and did an ARP Request. I'll just
> tell you it's very possible and it's done everyday - I do not feel it's my
> place to tell someone how to 'hack' and/or spoof to gain access to a
> segment of a network to listen to the broadcasted traffic.

You didn't answer my question! I was the guy who asked you for the MAC of 141.84.69.34, and the MAC you gave me is definitely wrong! Read it again:

> As for your machine - I see SSH running that's pretty much it as far as
> anything I can connect to to establish an open connection.
> IP 141.84.69.34 = MAC = 00:09:b7:27:84:a0
> Almost 99% UDP traffic is seen

Look for yourself:

bigbadaboom:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:CB:56:56:CC
          inet addr:10.150.127.30  Bcast:10.150.127.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121311890 errors:1 dropped:0 overruns:0 frame:0
          TX packets:99285661 errors:60 dropped:0 overruns:0 carrier:60
          collisions:0 txqueuelen:100
          RX bytes:2021109323 (1.8 GiB)  TX bytes:1738254273 (1.6 GiB)
          Interrupt:10 Base address:0xc00

eth0:0    Link encap:Ethernet  HWaddr 00:00:CB:56:56:CC
          inet addr:141.84.69.34  Bcast:141.84.69.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xc00

As you can see is the HWaddr=MAC not the same you specified. The 99% UDP traffic is easy to guess, if you scan the machine for services and found a few CS servers running. This can be provided with nmap or similar port scanners.

Please explain why you told us a wrong MAC if this is foolproof? I can give you another example: 141.84.69.28, tell me the MAC of that machine.

If you cannot give me the MAC of my machine, how will you then spoof my MAC at all? Or even sniff the traffic itself?

You must give more evidence and argument to strengthen your position. If you are right, you should bring any proof with it.

cheers
Frank

Re: [hlds_linux] Reporting Server Hackers
"Britt Priddy (PZGN)" wrote:
>
> Ok - to clear the confusion - this is done by spoofing and placing
> yourself on that local segment - and you can obtain any MAC address you
> are able to connect to

Right, any MAC address you are able to *connect to*. You are not able to connect to any MAC address outside your link level subnet.

> - note I pulled the MAC of the IP of the guy that
> asked me to look at it - this was done by sitting on his network with a
> spoofed packet to his game server and did an ARP Request.

No, you pulled the MAC address of the Cisco router which is your gateway to the guy's machine. ARP requests are not routed unless the router is broken. If you know different, please show us the ARP package that you "spoofed".

> I'll just
> tell you it's very possible and it's done everyday - I do not feel it's my
> place to tell someone how to 'hack' and/or spoof to gain access to a
> segment of a network to listen to the broadcasted traffic.

You keep telling us stuff but haven't answered any question satisfactorily nor provided any evidence for your statements. You'll have to do better than that.

Florian.

Re: [hlds_linux] Reporting Server Hackers
Florian Zschocke wrote:
> Frank Stollar wrote:
>
> > Especially this would be very hard if anywhere between two routers is no
> > ethernet-link but ATM or any other Layer2 protocol. In no other Layer2
> > are ARPs present.
>
> Uhm, no. ARP is not restricted to Ethernet.

As ATM has no MAC addresses, ARP would not work. There you use ATMARP, similar to ARP on ethernet. Ok these are also 'ARPs' but not that ARP we are referring for spoofing.

http://www.faqs.org/rfcs/rfc2225.html

And also written in the first PDF document I referred:
http://www.rootsecure.net/content/downloads/pdf_downloads/arp_spoofing_intro.pdf

"This paper deals with the subject of ARP spoofing. ARP spoofing is a method of exploiting the interaction of IP and Ethernet protocols. It is only applicable to Ethernet networks running IP."

And as we talk about getting the MAC of a network card on the internet, which does not appear or travel through ATM except by Eth-over-ATM.

Every network technology has something similar to address resolution ARP, but they are not dealing with MAC addresses as ethernet does.

As you can see, I refer ARP as 'ethernet ARP' as the most common situation.

Sorry for the simple misunderstanding as I only talked about 'ethernet ARP' as we are talking about MAC addresses.

cheers
Frank

Re: [hlds_linux] Reporting Server Hackers
Florian Zschocke wrote:
> > Especially this would be very hard if anywhere between two routers is no
> > ethernet-link but ATM or any other Layer2 protocol. In no other Layer2
> > are ARPs present.
>
> Uhm, no. ARP is not restricted to Ethernet.

But on the other hand some historic PROnet or ARCnet equipment can probably cost you much more than fiberoptic one, unless found on dump :)

RE: [hlds_linux] Reporting Server Hackers
LOL Florian - that is where I sit. (the spoofed packet):P

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Florian Zschocke
Sent: Wednesday, July 23, 2003 2:27 PM
To: [EMAIL PROTECTED]
Subject: Re: [hlds_linux] Reporting Server Hackers

"Britt Priddy (PZGN)" wrote:
>
> As for your machine - I see SSH running that's pretty much it as far
> as anything I can connect to to establish an open connection. IP
> 141.84.69.34 = MAC = 00:09:b7:27:84:a0 Almost 99% UDP traffic is seen
> - which as you probably know is just raw data in clear text (probably
> your cs/tfc server)

Someone is running a cs/tfc server on a Cisco router? Wow, that is a new one to me! :)

SCNR,
Florian.

RE: [hlds_linux] Reporting Server Hackers
Ok - to clear the confusion - this is done by spoofing and placing yourself on that local segment - and you can obtain any MAC address you are able to connect to - note I pulled the MAC of the IP of the guy that asked me to look at it - this was done by sitting on his network with a spoofed packet to his game server and did an ARP Request. I'll just tell you it's very possible and it's done everyday - I do not feel it's my place to tell someone how to 'hack' and/or spoof to gain access to a segment of a network to listen to the broadcasted traffic.

Britt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Frank Stollar
Sent: Wednesday, July 23, 2003 1:28 PM
To: [EMAIL PROTECTED]
Subject: Re: [hlds_linux] Reporting Server Hackers

Well, nice you give a complete answer on my questions. But there are some points I strongly disagree:

Britt Priddy (PZGN) wrote:
> I understand the logic you're thinking and how easy it is to 'sniff'
> traffic even on a network that is not inline - but all you have to do
> is get an arp request from the IP in question - which then gives you
> the MAC Address of that Network card

Sorry that is impossible as, like Mad said already, MAC addresses are for local links only and do not cross over routers.

> Ie - say you have a web server running - I can
> establish a connection with that server and knowing its MAC Address
> and IP - I can lock onto and watch all inbound/outbound traffic (in
> TCP Packet view) - save the log - then parse through it to see the
> data - its time consuming as hell.

I will try me in clarifying:

###--###-###
 ^    ^   ^
Victim Router Attacker

If you establish a connection to 'Victim' you will send an ARP request for that IP to the router between us. This router itself knows, that this IP you request is on the other side. So the router will answer _your_ ARP-request with HIS MAC.

Ok, now you are sending the IPv4 packet with destination IPv4 of 'Victim' to the MAC address you got from your ARP-request, the MAC of the router.

The router itself does also not know the MAC for the IP of the 'Victim' and sends also an ARP-request to the left side. This will be answered by the 'Victim' machine by his MAC. Now the router is sending your IPv4 packet to the MAC of 'Victim'.

When Victim wants to answer the packet it goes vice versa, send an ARP-request which will be answered by the router. Send the IP packet to the router which will ARP-request the IP of 'Attacker' and will send the answering IP packet to the MAC of Attacker but with his OWN MAC.

> As for your machine - I see SSH running that's pretty much it as far
> as anything I can connect to to establish an open connection. IP
> 141.84.69.34 = MAC = 00:09:b7:27:84:a0 Almost 99% UDP traffic is seen
> - which as you probably know is just raw data in clear text (probably
> your cs/tfc server)

Look for yourself:

bigbadaboom:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:CB:56:56:CC
          inet addr:10.150.127.30  Bcast:10.150.127.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:121311890 errors:1 dropped:0 overruns:0 frame:0
          TX packets:99285661 errors:60 dropped:0 overruns:0 carrier:60
          collisions:0 txqueuelen:100
          RX bytes:2021109323 (1.8 GiB)  TX bytes:1738254273 (1.6 GiB)
          Interrupt:10 Base address:0xc00

eth0:0    Link encap:Ethernet  HWaddr 00:00:CB:56:56:CC
          inet addr:141.84.69.34  Bcast:141.84.69.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xc00

As you can see is the HWaddr=MAC not the same you specified. The 99% UDP traffic is easy to guess, if you scan the machine for services and found a few CS servers running. This can be provided with nmap or similar port scanners.

> I seen you had players online and did not want
> to chance interfering with that so I did not try connecting to your
> half-life ports to gain a connection. So I did it to a friends server
> and it basically floods you with UDP traffic - which is in clear text
> but also has binary data in the UDP packets - but if you streamed that
> to a file for a good awhile and had the patience to thumb through it -
> sooner or later you'd see what you was looking for.

If you are disturbing connections of the victim, you are not sniffing anymore. The definition of 'sniffing' is to read the data of the packets of an established connection without modifying or altering them. If you do ARP spoofing, which is also very limited, you are destroying the connections between 'Victim' and 'Client'. This can be compensated to a certain degree but is also easily detectable.

> And in someone just posted:
> ">It cannot be done until you compromise one of linkpath routers or
> you will be connected with that router through Ethernet link.
> >>Ofcourse arpspoofi
Re: [hlds_linux] Reporting Server Hackers
Florian Zschocke wrote:
> Someone is running a cs/tfc server on a Cisco router? Wow, that is a new
> one to me! :)

Well, you can "forward" ports :)

Re: [hlds_linux] Reporting Server Hackers
Frank Stollar wrote:
>
> Especially this would be very hard if anywhere between two routers is no
> ethernet-link but ATM or any other Layer2 protocol. In no other Layer2
> are ARPs present.

Uhm, no. ARP is not restricted to Ethernet.

Florian.

Re: [hlds_linux] Reporting Server Hackers
"Britt Priddy (PZGN)" wrote:
>
> As for your machine - I see SSH running that's pretty much it as far as
> anything I can connect to to establish an open connection.
> IP 141.84.69.34 = MAC = 00:09:b7:27:84:a0
> Almost 99% UDP traffic is seen - which as you probably know is just raw
> data in clear text (probably your cs/tfc server)

Someone is running a cs/tfc server on a Cisco router? Wow, that is a new one to me! :)

SCNR,
Florian.

Re: [hlds_linux] Reporting Server Hackers
Britt Priddy (PZGN) wrote:
> I understand the logic you're thinking and how easy it is to 'sniff'
> traffic even on a network that is not inline - but all you have to do is
> get an arp request from the IP in question - which then gives you the

Which you cannot get, unless you are on the same Ethernet, and that puts to end that lecture. 2nd OSI layer protocols do not pass through 3rd OSI layer, where IP protocol routing takes place (unless encapsulated). (Ethernet) Address Resolution Protocol was designed for simple CSMA/CD networks and it remains there.

To all interested in intercepting all traffic from your gateway on switched LAN, go and see: http://ettercap.sourceforge.net/
You will find there source with documentation.
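
The scope argument made in the replies above (ARP is answered only inside one Ethernet segment, so a remote observer learns its own gateway's MAC), as an added Python model that is not part of any post in this thread. The observer LAN 192.0.2.0/24, the far-side gateway address 141.84.69.1, the single router hop and the 02:... MACs are assumptions; the server IP, the two real MACs and the OUI entries are the ones quoted in the thread.

```python
import ipaddress

# OUI prefixes quoted in the thread from the IEEE registry.
OUI = {"00:09:b7": "Cisco Systems", "00:00:cb": "COMPU-SHACK ELECTRONIC GMBH"}


def oui_vendor(mac):
    """Vendor for the first three octets of a MAC, or 'unknown'."""
    return OUI.get(mac.lower()[:8], "unknown")


class Iface:
    """One network interface: address/prefix, MAC, optional default gateway."""

    def __init__(self, name, ip_cidr, mac, gateway=None):
        self.name = name
        self.net = ipaddress.ip_interface(ip_cidr)
        self.mac = mac.lower()
        self.gateway = gateway


class Segment:
    """One layer-2 broadcast domain; an ARP request is only heard here."""

    def __init__(self, *ifaces):
        self.ifaces = list(ifaces)

    def arp(self, target_ip):
        """Return the MAC answering 'who-has target_ip', or None."""
        target = ipaddress.ip_address(str(target_ip))
        for iface in self.ifaces:
            if iface.net.ip == target:
                return iface.mac
        return None  # nobody on this segment owns that address


def l2_destination(sender, segment, dst_ip):
    """MAC the sender puts in the Ethernet header of a packet to dst_ip."""
    dst = ipaddress.ip_address(str(dst_ip))
    if dst in sender.net.network:
        return segment.arp(dst)             # on-link: ARP for the host itself
    if sender.gateway is None:
        return None                         # no route, nothing to resolve
    return segment.arp(sender.gateway)      # off-link: ARP for the gateway only


# Constructed topology (assumption): observer LAN -- router -- server LAN.
OBSERVER = Iface("observer", "192.0.2.10/24", "02:00:00:00:00:10",
                 gateway="192.0.2.1")
ROUTER_NEAR = Iface("router-near", "192.0.2.1/24", "00:09:b7:27:84:a0")
ROUTER_FAR = Iface("router-far", "141.84.69.1/24", "02:00:00:00:00:01")
SERVER = Iface("server", "141.84.69.34/24", "00:00:CB:56:56:CC",
               gateway="141.84.69.1")
NEAR = Segment(OBSERVER, ROUTER_NEAR)
FAR = Segment(ROUTER_FAR, SERVER)


def observed_mac_for(dst_ip):
    """(MAC, vendor) the remote observer can learn for dst_ip at layer 2."""
    mac = l2_destination(OBSERVER, NEAR, dst_ip)
    return mac, (oui_vendor(mac) if mac else "unknown")


if __name__ == "__main__":
    print("direct ARP on observer LAN:", NEAR.arp("141.84.69.34"))
    print("observer's view of server :", observed_mac_for("141.84.69.34"))
    far_mac = l2_destination(ROUTER_FAR, FAR, "141.84.69.34")
    print("far router's view         :", far_mac, oui_vendor(far_mac))
```

Only an interface on the server's own segment resolves 141.84.69.34 to the COMPU-SHACK NIC; from the observer's side the same lookup yields the Cisco OUI, which matches the mismatch pointed out in the thread.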