SecurityFocus

arp cache poisoning on a wifi network Jul 16 2008 10:51PM
Robin Wood (dninja gmail com) (4 replies)

Re: arp cache poisoning on a wifi network Jul 17 2008 12:11PM
Elton Ramos Carvalho (elton locknet com br) (1 replies)

Re: arp cache poisoning on a wifi network Jul 17 2008 01:34PM
Cedric Blancher (blancher cartel-securite fr) (1 replies)

Le jeudi 17 juillet 2008 à 09:11 -0300, Elton Ramos Carvalho a écrit :
> Have you checked if iptables is stoped?

AFAIK, iptables does not stop ARP traffic.

Maybe a hint:
http://content.ix2.com/showthread.php?t=1776

"Ok, from the source code (arpspoof.c) i take that if __linux__ is
defined, the attacker gets the client's MAC address by looking at
the response to the bootp packet (which, according to ethereal, is a
malformed packet)
However, in arp.c (arp_cache_lookup) it seems that only entries wrt
eth0 are looked for in the cache, so my arp entry concerning a
machine on eth1 is ignored...
All seems right now: i have changed eth0 in the code to eth1, and
indeed for most of the time the client's arp entry for the gateway
is now poisoned!"

Actually, ARPing target with BOOTP packet is kinda strange to me...
Hardcoded eth0 too :)

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

[ reply ]

Re: arp cache poisoning on a wifi network Jul 17 2008 04:14PM
Robin Wood (dninja gmail com)

Re: arp cache poisoning on a wifi network Jul 17 2008 05:32AM
Cedric Blancher (blancher cartel-securite fr)

Re: arp cache poisoning on a wifi network Jul 17 2008 01:45AM
Raul Siles (raul siles gmail com)

RE: arp cache poisoning on a wifi network Jul 16 2008 06:08AM
Sergio Castro (sergio castro unicin net)