I guess I got them mixed up. Now I can't remember the tool that uses ICMP redirects to do the same thing. I thought the other one did the arp spoofing. I'll try and find it as it's more clever.

"Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> I read up on it. It appears to have been developed for beneficial purposes
> but is also a hacker tool. The written material says it's a set of tools
> actually. The relevant one uses ARP, not ICMP. (There was no mention of ICMP
> being used.) It sends an ARP reply for the IP address of the default
> gateway. Actually it can send an ARP reply for anything. There's no need to
> be multihomed, but IP forwarding must be enabled or you'll get caught, as
> you say, (plus you wouldn't see anything because the target would lose its
> connections).
>
> Priscilla
>
> At 07:43 PM 1/2/02, Steven A. Ridder wrote:
> >Dsniff uses icmp default gateway redirects (the ICMP message that tells
> >hosts that a different router has a better path to the destination network).
> >This will automatically make the user's PC redirect all traffic to your PC
> >dynamically (the client never knows about it), because he thinks you are a
> >router and that you'd be a better default gateway. You just have to have a
> >multihomed PC because you still need to forward the traffic to the
> >destination, otherwise you'll get caught.
> >
> >It's a pretty good hacking tool and has been ported from *nix to Windows for
> >years. Makes switches just like hubs again. Use this with L0phtCrack and
> >you can get NT PW's, etc..
> >
> >
> >"Priscilla Oppenheimer" wrote in message
> >news:[EMAIL PROTECTED]...
> > > At 06:42 PM 1/2/02, Steven A. Ridder wrote:
> > > >As everyone else has said, this is normal for a shared access network. Look
> > > >for routing protocol updates and other things as well. On ATT's
> > > >cable-modem network you can see the ospf hello updates, who the DR and BDR
> > > >is and other things.
> > >
> > > Yep, that's true.
> > >
> > > So now we have synergy between this thread and the Passive Interface
> > > thread! I like that! ;-)
> > >
> > > Making the cable interface a passive interface seems like a good idea for
> > > many reasons, including security and not just bandwidth usage. (The
> > > bandwidth used by Hellos has gotta be pretty minimal!)
> > >
> > > >It can be fun.
> > >
> > > A lot of people report seeing other broadcasts too, including NetBIOS,
> > > AppleTalk, etc. It's kind of scary.
> > >
> > > >Try dsniff or some other program and
> > > >you can see all the traffic on that network :) Be careful though because
> > > >you will probably get slammed and don't forget to reroute the traffic back
> > > >out or else someone will know something is wrong.
> > >
> > > What's dsniff? What does that let you see? And what's this about having to
> > > reroute? Can you tell us more? THANKS
> > >
> > > Priscilla
> > >
> > > >"Phil Barker" wrote in message
> > > >news:[EMAIL PROTECTED]...
> > > > > Hi Group,
> > > > > I have been sniffing my broadband connection to
> > > > > my ISP today and have a few questions.
> > > > >
> > > > > My main gripe is that I'm being sent around 100
> > > > > Arp requests per minute, which obviously I cannot
> > > > > resolve. These ARP requests are all originating from
> > > > > my default G/W at the ISP trying to resolve MAC
> > > > > addresses of various users. Can anyone confirm if this
> > > > > is usual or unusual. I cannot see this being correct
> > > > > since if I set my router up to be one of these IP
> > > > > addresses I can resolve it to my MAC address Eth 0
> > > > > int' or any other mac-address for that matter.
> > > > >
> > > > > They also send me DHCP requests, IGMP requests
> > > > > for group 224.0.0.1 (Which I wish I could join) but
> > > > > cannot and lots of their private address information
> > > > > via the above mentioned ARP's.
> > > > >
> > > > > I also captured an attempt at an inbound TCP
> > > > > connection on a dynamic port which my router RST,
> > > > > thankfully.
> > > > >
> > > > > Are they wasting my B/W ?
> > > > >
> > > > > Thanx,
> > > > >
> > > > > Phil
> > > ________________________
> > >
> > > Priscilla Oppenheimer
> > > http://www.priscilla.com
> ________________________
>
> Priscilla Oppenheimer
> http://www.priscilla.com

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=30774&t=30689
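
A defensive counterpart to the ARP behaviour described in the quoted thread, as an added example that is not part of the original posts: a passive monitor that parses ARP frames and flags a second MAC address claiming an IP (such as the default gateway's) that is already bound. The frames, the addresses, and the names `ArpWatch`, `parse_arp`, `make_arp` and `demo` are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address
ETH_ARP = 0x0806  # EtherType for ARP

def parse_arp(frame: bytes):
    """Return (op, sender_mac, sender_ip, target_ip) for Ethernet/IPv4 ARP, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return op, sha.hex(":"), str(IPv4Address(spa)), str(IPv4Address(tpa))

class ArpWatch:
    """Passive monitor: first-seen (or pinned) IP-to-MAC bindings are treated as truth."""
    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})  # ip -> mac
        self.pending = set()                # IPs with an outstanding ARP request
    def observe(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        op, mac, ip, target_ip = parsed
        alerts = []
        if op == 1:                         # request: remember what was asked for
            self.pending.add(target_ip)
        elif op == 2:                       # reply: was anyone asking?
            if ip not in self.pending:
                alerts.append(f"unsolicited reply for {ip} from {mac}")
            self.pending.discard(ip)
        known = self.bindings.setdefault(ip, mac)
        if known != mac:                    # same IP, different MAC than recorded
            alerts.append(f"binding conflict: {ip} is {known}, now claimed by {mac}")
        return alerts

def make_arp(op, sha, spa, tha, tpa):  # builds a constructed Ethernet+ARP frame
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    eth = (b"\xff" * 6 if op == 1 else m(tha)) + m(sha) + struct.pack("!H", ETH_ARP)
    return (eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + m(sha) + IPv4Address(spa).packed + m(tha) + IPv4Address(tpa).packed)

def demo():  # constructed traffic: request, genuine reply, then a second MAC claims the gateway IP
    gw, host, zero = "192.0.2.1", "192.0.2.50", "00:00:00:00:00:00"
    gw_mac, host_mac, other = "02:00:00:00:00:01", "02:00:00:00:00:50", "02:00:00:00:00:66"
    watch = ArpWatch()
    return [watch.observe(make_arp(*a)) for a in (
        (1, host_mac, host, zero, gw),
        (2, gw_mac, gw, host_mac, host),
        (2, other, gw, host_mac, host))]
```

Unsolicited replies also occur legitimately (gratuitous ARP after a failover or address change), so the binding conflict is the stronger signal; passing the gateway's known binding as `pinned` avoids trusting whichever claim arrives first.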

