"Kenneth E. Lussier" wrote:
>
> Connections would be sniffed on the server side so that when you send a
> request to the server, you obtain the client-side ARP info, create a
> simultanious ARP update, and poison the servers ARP cache (or a router
> along the way). Then the info from the server is sent to you, and you
> pass it back to the client (basic MITM attack). All traffic between the
> client and the server is then passed through you before going to it's
> intended destination.
I understand what you've said here excepting one problem.
At the end point you say that the attacker is now the MITM. However,
I'm not sure I follow how this works. If the attempting MITM receives
the packets from the server to send back to the client they would
obviously have to falsify their IP address to appear to be that of the
server - correct? This is easy enough.
However, here's where I get confused. Now the client is sending more
data back to the server (probably in the form of an https document
request) - how do these packets now get rerouted to the MITM? Or is
this more of a "one directional" attack?
--
Give a man a match, and you keep him warm for an evening.
Light him on fire, and he's warm for the rest of his life.
Cole Tuininga
Network Admin
Code Energy, Inc
[EMAIL PROTECTED]
(603) 766-2208
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
