Riccardo Tortorici wrote:
Hi all,
I noticed this strange (?) behaviour:
i'm the admin of a debian woody workstation used by many clients as a gateway to another network. Of course I have the ip_forward set to "1" and everything go ok.
I tried to arp spoof a host with ettercap and suddenly all the clients were disconnected. I checked ip_forward and it was "0"!
I tried another time during the normal packet forwarding and it happened again. So the ip_forward switch from 1 to 0 when you try to do arp spoofing. How can it be possible?
Thanks in advance regards,
from man ettercap:
KNOWN-BUGS
- It is better that you don't launch ettercap on a host that is a gateway because man-in-the-middle attacks
require to disable ip_forwarding, it may cause problem with routing. But if you want to scan the LAN passively
the gateway is the right place to run ettercap... so be aware of what you are doing.
I RTFM :)
--
- Riccardo Tortorici -
Linux Registered User #365170
Count yourself @ http://counter.li.org/ !
--
HTML email can be dangerous, is not always readable, wastes bandwidth and is simply not necessary please don't send them to me!
If you don't know what I0m talking about please read this:
http://www.georgedillon.com/web/netiquette.shtml#charity
-- Email.it, the professional e-mail, gratis per te: http://www.email.it/f
Sponsor:
18 Bottiglie di eccellenti vini Giordano + 7 specialit� alimentari +
* 1 carrello dispensa "Servant" in legno massiccio Tutto a met� prezzo!
* Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=2621&d=2-9
