Message-ID: <327646cd0512060941g13e403cake5add35d2b29850e@mail.gmail.com>
Date: Tue Dec  6 17:41:13 2005
From: ghooti at googlemail.com (Mark Knowles)
Subject: Packet sniffing help needed

Thanks!

I really appreciate the help.  I have found a new interest. No more
ASM for a month or 2.

So those warnings are "boiling water is hot!" - there is nothing I can
do about it. It's similar to the cash machines here now that have
stickers on them saying people can read your PIN number (always conceal
it when you type it in).

Still good to know.  After thinking about this a bit more, it
really does appear to be the wiretap thing - I suppose I never thought
of wiretaps like that, where the CIA/FBI compromise the telephone
exchange - albeit with permission.

When you say manipulating the routing tables, this doesn't mean too
much to me (unless you are talking about DNS poisoning - although I
suspect it's more). Could you please send me some links to read up on?
I know what routing tables are, but that's about it :)

I know this is basic, but here is another ascii diagram

C1 - CR1 -=-=-=-=-= CR3 - C3
C2   --?                    --?

C1 - Victim user
CR1 - Victim Router1
C3 - Site
CR3 - Site Router

-=-= Ethernet 'aether' and hosts.

C2 - Attacker

CR3 would seem to be the target. So trace to the last IP, then try to
compromise that... would seem to be the logical explanation. I suppose
an alternative would be to map the network behind the router and go
for one of those machines, then ARP poison the router.

Attempting to get anything but 1 or 2 hops from the target site
(assuming that I don't know the victim's IP) is the best I can hope for to
capture all traffic.  Anything in the -=- area might be worth it, but
cannot guarantee success, and would need good log parsers/regex
strings.

Is this a valid scenario? I think I'm on the right track now and I'm
gonna have some fun tonight - bloody hell, I'm getting excited by
trying this out ... time to sack the bird, she is getting too
expensive anyway... ;)

Any further reading would be appreciated.

Thanks,

Mark.

On 12/6/05, Joachim Schipper <j.schipper@...h.uu.nl> wrote:
> On Tue, Dec 06, 2005 at 04:26:19PM +0000, Mark Knowles wrote:
<quotes snipped for relevance and bandwidth>
