On Mon, May 02, 2005 at 12:24:14PM -0700, Mark C. Ballew wrote:
> This is arp cache poisoning. I believe ettercap has a plug-in that will
> do this for you to aid in performing a man in the middle attack on ssh
> connection setups.

Yep, you can create a static arp table in Linux which I advise at least for certain routes that never change.

I've described a successful arpoison attack in an old roothack "whitepaper". I basically added a couple lines to sshd which logged any user/passwd attempts to a file. In this wargame all the teams' machines were connected to another linux box directly via several NICs. Then I used arpoison to flood my MAC as that of the gateway. Several people from other teams tried to relogin despite the nasty ssh warning message about changed host keys. Whilst we are denying them access to their machines (unless they know some arp-fu) jduck logged in to their machines and rooted them with a kernel exploit.

It seems the old site is no longer in existence. Oh well. You get the idea.

peace,
core

_______________________________________________
RLUG mailing list
http://lists.rlug.org/mailman/listinfo/rlug
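A defensive check for the situation discussed in this message, added here as an example and not part of the original post: it audits a Linux ARP table in `/proc/net/arp` format against pinned bindings, flagging a gateway whose MAC has changed, a pinned entry that is not static, and one MAC answering for several IPs. The addresses, the sample table and the `PINNED` map are constructed assumptions.

```python
ATF_PERM = 0x04  # kernel flag bit set on static (permanent) entries

# Constructed sample in /proc/net/arp format: the gateway 10.0.0.1 and the
# host 10.0.0.66 resolve to the same MAC, the pattern poisoning leaves behind.
SAMPLE = """\
IP address       HW type     Flags       HW address            Mask     Device
10.0.0.1         0x1         0x2         02:00:00:00:00:66     *        eth0
10.0.0.66        0x1         0x2         02:00:00:00:00:66     *        eth0
10.0.0.20        0x1         0x6         02:00:00:00:00:20     *        eth0
"""

# Assumed known-good bindings for routes that never change.
PINNED = {"10.0.0.1": "02:00:00:00:00:01", "10.0.0.20": "02:00:00:00:00:20"}


def parse_arp(text):
    """Return one dict per entry, skipping the header and incomplete entries."""
    entries = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) != 6 or fields[3] == "00:00:00:00:00:00":
            continue
        ip, _hw, flags, mac, _mask, dev = fields
        entries.append({"ip": ip, "mac": mac.lower(), "dev": dev,
                        "static": bool(int(flags, 16) & ATF_PERM)})
    return entries


def audit(entries, pinned):
    """Return sorted findings as (kind, ip, mac) tuples."""
    findings, by_mac = [], {}
    for e in entries:
        by_mac.setdefault((e["dev"], e["mac"]), []).append(e["ip"])
        want = pinned.get(e["ip"])
        if want is None:
            continue
        if e["mac"] != want.lower():
            findings.append(("mismatch", e["ip"], e["mac"]))
        elif not e["static"]:
            findings.append(("not-static", e["ip"], e["mac"]))
    for (_dev, mac), ips in by_mac.items():
        if len(ips) > 1:
            findings.extend(("shared-mac", ip, mac) for ip in ips)
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE), PINNED):
        print(*finding)
```

A `shared-mac` finding can also come from a host that legitimately holds several addresses, so treat it as a prompt to check rather than proof of poisoning.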
