To ask a related, equally uninformed question: If packets are diverted
through a sniffing host, will the sniffer address be enumerated on
traceroutes from either the source or the destination host to its
counterpart, or are there techniques to mask this? Thanks.
-Scott
Meidinger Christopher
<christopher.meidinger@ To: "'David Wallraff'"
<[EMAIL PROTECTED]>
badenIT.de> cc: "[EMAIL PROTECTED] Com
(E-Mail)"
<[EMAIL PROTECTED]>
06/26/2003 05:09 AM Subject: AW: AW: security-basics
Digest 18 Jun 2003 22:09:15 -0000 Issue 6
18
...NOW, you ask yourself how can i sniff on a switched network if all i get
is
stuff for me?
The answer is, you have to lie to the other machines telling them that you
are either their gateway, or that you are the machines that they want to
talk to. The technical details are out of the scope of this paper, but you
essentially get messages destined for other IP addresses delivered to your
MAC address and then send them yourself to the the real MAC address that
belongs to dst host after keeping a copy of the packet for yourself. This
takes a certain amount of skill (though not that much with automated tools,
see below) to do, but it is not beyond a novice.
...
Chris Meidinger
Tullastrasse 70
79108 Freiburg
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
