Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-06 Thread Tom Chiverton
On Thursday 05 October 2006 18:49, Kevin Aebig wrote: Maybe I'm a bit naïve in this department, but isn't the following pretty well fact: 1 - MitM attacks were initially born from Wireless Network Hacking, not on location. Geez, Err, no ? See, for instance, the US navy fitting subs out with

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Tom Chiverton
On Wednesday 04 October 2006 17:24, Bobby Hartsfield wrote: You wouldn’t inspect or rewrite anything more than a router would. All you have to do is adjust the headers (just like the router does) for local traffic then send the packets out the NIC that you are monitoring. Ethereal, Ettercap or

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Bobby Hartsfield
Eavesdropping is simply reading the packets on the network meant for someone else. A MitM is an extension of that since you don't simply listen and read packets, you play a huge role in directing the traffic as well. If you really WANTED to rewrite data in the payload of the packets and change

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Tom Chiverton
On Thursday 05 October 2006 13:57, Bobby Hartsfield wrote: , I still don't see how the computer that the attack originates from could be considered a proxy more so than a router Because routers do not change the body of packets. -- Tom Chiverton Helping to biannually deploy end-to-end

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Bobby Hartsfield
Why does the modification of payload keep coming up? Again... I never said anything about changing the body of packets and there is no need to do so just to perform a mitm to READ data. Before someone responds to that with then there is no need to perform a complete mitm to simply READ data

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Tom Chiverton
On Thursday 05 October 2006 14:38, Bobby Hartsfield wrote: Why does the modification of payload keep coming up? Because that's what makes something a proxy and not a router, and you said '[I can't] see how the computer that the attack originates from could be considered a proxy more so than a

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Bobby Hartsfield
Because that's what makes something a proxy and not a router Ok, I think I've made it clear that a mitm does not have to modify payloads in order to be successful so with that still in mind (since I've hammered that point into the ground thus far)... if, by your own definition, modifying packet

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Tom Chiverton
On Thursday 05 October 2006 16:29, Bobby Hartsfield wrote: router into a proxy, why would you support the theory that the machine that a mitm originates from is anything like a proxy In the sense it intercepts traffic, it is. Anyways. I think we're arguing from the same sides of the street,

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Dave Watts
Ok, I think I've made it clear that a mitm does not have to modify payloads in order to be successful ... Wouldn't the payloads need to be modified, if they're encrypted using SSL? If you trick the client into talking to your machine instead of the intended host, and you present a certificate

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Kevin Aebig
Maybe I'm a bit naïve in this department, but isn't the following pretty well fact: 1 - MitM attacks were initially born from Wireless Network Hacking, not on location. 2 - A good business based Switch or Firewall, properly configured can and will prevent / alert against most inhouse hacks /

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Russ
These attacks are pretty difficult. They are not born from Wireless Network Hacking, but have existed for years, and have their roots in the wired networks. Switches don't always prevent these attacks. Although a switch should separate where the data goes and makes sniffing harder, it's a

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-05 Thread Bobby Hartsfield
Maybe I'm a bit naïve in this department, but isn't the following pretty well fact: 1 - MitM attacks were initially born from Wireless Network Hacking, not on location. I don't know the origin of the first mitm but I would have to think it was before wireless was main stream. 2 - A good

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Snake
OK perhaps I got lost in the thread then, you and Dave were giving it some there. What exactly are you saying that can be done ? Russ -Original Message- From: Bobby Hartsfield [mailto:[EMAIL PROTECTED] Sent: 04 October 2006 00:50 To: CF-Talk Subject: RE: Break it down for n00bs:

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Snake
Well you could always use the ploy that is being used with spoofed bank sites. User thinks they are going to www.barclaysbank.co.uk But you're really sending them to www.barclayswank.co.uk which has a valid SSL, so nothing looks amiss. Russ -Original Message- From: Dave Watts

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Denny Valliant
On 10/4/06, Snake [EMAIL PROTECTED] wrote: Well you could always use the ploy that is being used with spoofed bank sites. User thinks they are going to www.barclaysbank.co.uk But you're really sending them to www.barclayswank.co.uk which has a valid SSL, so nothing looks amiss. Russ I think

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Dave Watts
Well you could always use the ploy that is being used with spoofed bank sites. User thinks they are going to www.barclaysbank.co.uk But you're really sending them to www.barclayswank.co.uk which has a valid SSL, so nothing looks amiss. Yes, that'll certainly work. And I enjoyed your example

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Tom Chiverton
On Tuesday 03 October 2006 23:00, Bobby Hartsfield wrote: The only thing left to give you away would be the actual IP address. If someone saw that... say... supersecureremotesite.com was a 10.10.10.10 or 192.168 address (and knew what they were looking at) they might get a You could get around

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
Yes the word router has a specific meaning and this IS it. When you actually accomplish a simple mitm, let me know which one you think it is then. You take over for the gateway/router to 'outside' of the network that you are on and ROUTE traffic in its place. If that's not a router I don’t know

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
What exactly are you saying that can be done? You're kidding me right?

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Dave Watts
Yes the word router has a specific meaning and this IS it. No, it isn't. When you actually accomplish a simple mitm, let me know which one you think it is then. I sincerely doubt that I will ever accomplish a real attack, since I would have to be either a pen tester or a trespasser to do

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
I sincerely doubt that I will ever accomplish a real attack, since I would have to be either a pen tester or a trespasser to do so sarcasm Yeah, because you know... those are the only 2 reasons that anyone would try any such thing... /sarcasm Routing is not routing Uhh... ok... is it

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Tom Chiverton
On Wednesday 04 October 2006 13:49, Bobby Hartsfield wrote: Yes the word router has a specific meaning and this IS it. When you actually accomplish a simple mitm, let me know which one you think it is then. Are you (trying to) claim that proxies like Squid are routers ? -- Tom Chiverton

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
I'm not the one who brought up proxies. And there is no need for squid (or the like) in a common mitm. So no? I'm not? Even remotely? -Original Message- From: Tom Chiverton [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 9:52 AM To: CF-Talk Subject: Re: Break it down for

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Tom Chiverton
On Wednesday 04 October 2006 15:19, Bobby Hartsfield wrote: I'm not the one who brought up proxies. And there is no need for squid (or the like) in a common mitm. So no? I'm not? Even remotely? Right. So what are you claiming ? -- Tom Chiverton Helping to collaboratively engineer cross-media

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
That in a mitm, you route traffic in place of the router and that makes you NOT a proxy but more so a router? It doesn’t much matter, it was a stupid argument and I shouldn't have bitten... You aren't TECHNICALLY either so who cares. -Original Message- From: Tom Chiverton [mailto:[EMAIL

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Tom Chiverton
On Wednesday 04 October 2006 16:12, Bobby Hartsfield wrote: That in a mitm, you route traffic in place of the router and that makes you NOT a proxy but more so a router? A router takes packets from one network, and passes them to another, possibly rewriting the headers on the way. A router

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
LMAO!! Warriors of the net!! Yeah, unfortunately I have seen that lol.. wow flashback. How about don’t copy that floppy? lol ok ok... No one ever said anything about rewriting the content of packets (that I remember)... but it only helps support the theory that your computer is more of a router

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Dave Watts
sarcasm Yeah, because you know... those are the only 2 reasons that anyone would try any such thing... /sarcasm Seriously, what's a third reason why you might attack someone else's network? Routing is not routing Uhh... ok... is it switching? Lol You had routing in quotes earlier, but

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Bobby Hartsfield
smartass shtick Pot -- kettle? -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 04, 2006 1:56 PM To: CF-Talk Subject: RE: Break it down for n00bs: security problems of non-SSL intranet? sarcasm Yeah, because you know... those are the only 2

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-04 Thread Denny Valliant
On 10/4/06, Dave Watts [EMAIL PROTECTED] wrote: Seriously, what's a third reason why you might attack someone else's network? The quest for knowledge! Seriously, replace attack with some nicer word, and maybe you have an argument like I was testing the lock, so to speak. Seeing as how

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Tom Chiverton
On Monday 02 October 2006 23:32, Dave Watts wrote: certificate. The only effective man-in-the-middle attack you could make here is if you tricked people into going to your site instead of the target site, then had your site make SSL requests to the target site .. prohibitively expensive to

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
Do you know what a MItM attack is? Middle is just that... the middle. Middle of what? The very same endpoints you mentioned... the client and the server. Basically you trick the client into believing you are the server and trick the server into thinking you are the client so all traffic

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
Well, like I said... wrong. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 03, 2006 8:40 AM To: CF-Talk Subject: RE: Break it down for n00bs: security problems of non-SSL intranet? Do you know what a MItM attack is? Middle is just that... the

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
Well, like I said... wrong. I guess I can't argue with that. How about a link, or something? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago,

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
Again, like I said... I left details out intentionally and I won't post them now just because you asked. I'm certain you can find more details out there in that vast world of info. I'm also sure it's probably been detailed by some fame crazed wannabe who has grabbed onto the recent IPTV craze

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
Again, like I said... I left details out intentionally and I won't post them now just because you asked. OK. I can understand that you don't want to release this sensitive information to the world. But typically, one could point to something which would describe the existence of a

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
Because if you're talking about self-signed certs, that's been discussed previously They weren't discussed, they were mentioned with the assumption that they won't validate and/or would be easily detected by a prompt to accept them unless they were stolen or bought... that assumption is wrong.

Re: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Tom Chiverton
On Tuesday 03 October 2006 15:35, Dave Watts wrote: [a very nice attempt to get Bobby to explain] Rule number one from Mythological Beasts on Mailing Lists states do not feed in the section on sub-bridge dwellers :-) -- Tom Chiverton Helping to revolutionarily strategize professional networks

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
I think the question was are you talking about certificates with a validating signature? and I think I answered that... more or less. If it wasn't clear, then YES I am talking about generated certs that will validate 100% locally. If by sub-bridge you mean 'the real world' where people know

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Russ
SSL does not protect against the man in the middle attack because it doesn't validate the identity of the client (which is done with client certificates, and even then I'm not sure if it would help against the man in the middle attack). SSL is not a flaw in the case. It just doesn't prevent the

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
SSL does not protect against the man in the middle attack because it doesn't validate the identity of the client (which is done with client certificates, and even then I'm not sure if it would help against the man in the middle attack). Why wouldn't it, exactly? Client certificates use the

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
I think the question was are you talking about certificates with a validating signature? and I think I answered that... more or less. If it wasn't clear, then YES I am talking about generated certs that will validate 100% locally. I remember an exploit specific to IE around 2001 or so, in

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
What do you mean... what do I mean by local access? :-) I mean local access as in opposite of remote access... as in physically plugged into the network in question. You are thinking of vulnerabilities in the makeup of certs/SSL and there aren’t any (that I know of) and that plays into it as

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
What do you mean... what do I mean by local access? :-) I mean local access as in opposite of remote access... as in physically plugged into the network in question. I wasn't sure whether you mean access to a local machine or access to a local network segment. Now if you can fake a cert

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Snake
I'd like to see that too. I have never seen an invalid cert that doesn't match the domain NOT prompt you with that information. That is the whole point in having them. Russ === Dave said I think I'll move on with my life in either case, thanks for asking. I simply wanted you to point out some

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
I wasn't sure whether you mean access to a local machine or access to a local network segment. I was under the impression we were all on the same page there since the thread was about an intranet. It's worth pointing out that network administrators can disable the ability of It's worth

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
Hmm I never tried it with the wrong domain name in the cert. That may or may not work but I personally never said it would or wouldn't ;-) -Original Message- From: Snake [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 03, 2006 7:33 PM To: CF-Talk Subject: RE: Break it down for n00bs:

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
Not quite sure where I would have lost you at. MiTM... SSL... fake certs... no prompts... Right there between fake certs and no prompts? In this thread, you've said two things: 1. You can trick users into visiting your SSL site instead of someone else's, and they'll click through the wrong

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
A MItM attack is more or less making yourself the router... not a proxy. I never said anything about sending a user to any site other than the real one. Sorry, I don’t know where you get that from. -Original Message- From: Dave Watts [mailto:[EMAIL PROTECTED] Sent: Tuesday, October

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
A MItM attack is more or less making yourself the router... not a proxy. I don't think that's correct. Routers separate networks, and forward traffic from one network to another, not from one host to another. And, for what it's worth, most of the Mallory tools I've seen are called proxies.

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Bobby Hartsfield
If it's either, it's a router considering the steps that need be taken to accomplish the attack and sniff information that the client is sending/receiving from outside the network. But w/e... you are just being flippant now anyway. Enjoy. -Original Message- From: Dave Watts

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-03 Thread Dave Watts
If it's either, it's a router considering the steps that need be taken to accomplish the attack and sniff information that the client is sending/receiving from outside the network. The word router has a pretty specific meaning. This isn't it. But w/e... you are just being flippant now

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-02 Thread Dave Watts
What are the security implications of having an intranet *not* secured using SSL when it is behind an existing beefy hardware firewall? I know it is standard practice to do so, but what are the legit reasons for it? The site in question runs on a cluster of ColdFusion 5 boxes running

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-02 Thread Dave Watts
Internally... you can sniff whatever you want with a man in the middle 'attack'. SSL would just encrypt the payload making it harder to get at. (There are of course ways around that) SSL on an internal network would do nothing but slow someone down or add an extra step to the sniffing

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-02 Thread Russ
Well first of all if you don't use a real certificate authority, but install a self generated certificate, then using the man in the middle attack, the other pc can install a self generated cert, and you wouldn't know it, since all you would get is a warning. This of course requires dns/arp

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-02 Thread Dave Watts
Well first of all if you don't use a real certificate authority, but install a self generated certificate, then using the man in the middle attack, the other pc can install a self generated cert, and you wouldn't know it, since all you would get is a warning. This of course requires

RE: Break it down for n00bs: security problems of non-SSL intranet?

2006-10-02 Thread Bobby Hartsfield
The only effective man-in-the-middle attack you could make here is if you tricked people into going to your site instead of the target site Wrong. I left out details intentionally but believe me... it's NOT the only effective method of a MItM attack. Second, if you are able to connect to a