lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.58.0605102016420.26517@gandalf.hugo.vanderkooij.org>
Date: Wed, 10 May 2006 20:25:36 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@...derkooij.org>
To: bugtraq@...urityfocus.com
Subject: Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING


On Tue, 9 May 2006 king_purba@...oo.co.uk wrote:

> We know that tcp connection will close by sending RST flag.
> I try to connect to my openssh server on
> slackware 10 from my computer fedora core 4. Then using an
> openbsd 3.7, that had same network with slackware n fedora,
> try to overwrite ARP cache on my fedora core 4. After arp
> cache has been overwriten, all packet from fedora core 4
> to slackware 10 is ignored. May be this problem is not only
> on ssh but on other tcp protocol.

This is an issue with IP in general. Anyone who can spoof ARP entries in a
network can pretty much do anything they want on you LAN.

If there is a flaw then it is a flaw in your switch not protecting you
from such an ARP spoofing issue. There are tools to detect it at host
level and warn you about it.

Further recommended reading:
http://www.codeproject.com/internet/winarpspoof.asp
http://www.l0t3k.org/security/docs/arp/

And I'm sure there must be a load of other documents out there. These were
picked after a 5 second search with google.

I'm a bit puzzled why this message was in fact released on bugtraq as it
adds nothing new to the arp spoofing story.

Hugo.

-- 
	I hate duplicates. Just reply to the relevant mailinglist.
	hvdkooij@...derkooij.org		http://hvdkooij.xs4all.nl/
		Don't meddle in the affairs of magicians,
		for they are subtle and quick to anger.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ