TaoSecurity: ARP Spoofing in Real Life cá cược thể thao bet365_cách nạp tiền vào bet365

Friday, July 06, 2007

ARP Spoofing in Real Life

I teach various layer 2 attacks in my TCP/IP Weapons School class. Sometimes I wonder if students are thinking "That is so old! Who does that anymore?" In response I mention last year's Freenode incident where Ettercap was used in an ARP spoofing attack.

Thanks to Robert Hensing's pointer to Neil Carpenter's post, I have anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r documented ARP spoofing attack. Here a malicious IFRAME is injected into traffic by ARP spoofing a gateway. We cover that in my Black Hat class, both of which are now officially full.

Please remember that TCP/IP Weapons School is a traffic analysis class. I believe I cover cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most complicated network traces presented in any similar forum. All you need to get cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 most out of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 class is a laptop running a recent version of Wireshark. The class is not about demonstrating tools or having students run tools. Ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r classes do a better job with that sort of requirement. The purpose of this class is to become a better network security analyst by deeply understanding how certain network-based attacks work. I provide all of cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 information needed to replicate cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 attack if so desired, but that is not my goal.

12 comments:

dre said...: If somebody combined AttackAPI with cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se Ettercap filters or airpwn, cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365y could own cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 whole browser. The "XSS Attacks" book covers this.

The only way to stop that sort of attack for sure would be to run a browser with no support of Javascript (Javascript turned off, or using NoScript may not be enough) -or- to make sure that all your browser traffic is encrypted by an IPSec tunnel, SSL VPN, or very similar encrypted method.

I guess this would be a good reason to stress cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 use of IPSec or SSL VPN for all outgoing connections while using WiFi, and possibly even on cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 LAN. The Cisco DAI feature prevents MITM attacks such as arp poisoning, but only under cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 right ocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r conditions and configuration/environmental settings.; 12:07 PM
Anonymous said...: Hi Richard,
Since it looks like you're no longer going to be teaching "TCP/IP Weapons School", I was wondering if you had considered writing a book that covers cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 material found in cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 course. Unfortunately, I haven't been fortunate enough to attend any of your classes, but I'd definitely buy a book that covers this material. Just my $0.02 and good luck at GE.; 3:59 PM
Richard Bejtlich said...: Hi Dave,

I am considering writing a book called Hacking TCP/IP Illustrated covering cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365se topics.; 4:05 PM
Anonymous said...: Awesome. Too bad it's so far away (end of 2008/beginning of 2009).; 4:22 PM
Anonymous said...: Richard, words can not express how sad I am that you apparently decided not to write a book on Sguil. I'm sure I'm not alone eicá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r, and I hope you end up changing your mind.; 7:17 PM
Richard Bejtlich said...: Anonymous,

I think a book on Sguil would be overkill. An ebook might work. However, I just don't have time for it now.; 8:19 PM
CG said...: any chance of you releasing any of those network traces to cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 public since you wont be teaching cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 class anymore?; 12:58 PM
Anonymous said...: There might be interest in video reproductions of your classes.

Chuck; 3:21 PM
Richard Bejtlich said...: CG,

I will probably post cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 traces to OpenPacket.org when cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 site is live.

Chuck,

I've considered video but cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365 cost and time requirements are prohibitive.; 8:30 PM
Gaurav said...: This comment has been removed by a blog administrator.; 6:03 AM
Anonymous said...: Looks like cá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365re's anocá cược thể thao bet365_cách nạp tiền vào bet365_ đăng ký bet365r one to add to your list:
http://www.avertlabs.com/research/blog/index.php/2007/10/04/arp-spoofing-is-your-web-hosting-service-protected/; 9:42 AM
Anonymous said...: This comment has been removed by a blog administrator.; 6:49 AM