| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 May 2006 20:25:36 +0200 (CEST) From: Hugo van der Kooij <hvdkooij@...derkooij.org> To: bugtraq@...urityfocus.com Subject: Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING On Tue, 9 May 2006 king_purba@...oo.co.uk wrote: > We know that tcp connection will close by sending RST flag. > I try to connect to my openssh server on > slackware 10 from my computer fedora core 4. Then using an > openbsd 3.7, that had same network with slackware n fedora, > try to overwrite ARP cache on my fedora core 4. After arp > cache has been overwriten, all packet from fedora core 4 > to slackware 10 is ignored. May be this problem is not only > on ssh but on other tcp protocol. This is an issue with IP in general. Anyone who can spoof ARP entries in a network can pretty much do anything they want on you LAN. If there is a flaw then it is a flaw in your switch not protecting you from such an ARP spoofing issue. There are tools to detect it at host level and warn you about it. Further recommended reading: http://www.codeproject.com/internet/winarpspoof.asp http://www.l0t3k.org/security/docs/arp/ And I'm sure there must be a load of other documents out there. These were picked after a 5 second search with google. I'm a bit puzzled why this message was in fact released on bugtraq as it adds nothing new to the arp spoofing story. Hugo. -- I hate duplicates. Just reply to the relevant mailinglist. hvdkooij@...derkooij.org http://hvdkooij.xs4all.nl/ Don't meddle in the affairs of magicians, for they are subtle and quick to anger.
Powered by blists - more mailing lists