[nsp-sec] How to hijack traffic for an entire Content/Ad Company - ARP Poisoning revisited - 8800.org / 6600.org badness
Seth Hall
seth at net.ohio-state.edu
Thu Mar 27 10:55:47 EDT 2008
On Mar 27, 2008, at 10:32 AM, Lawrence Baldwin wrote:
>
> Who needs Adware...let's hack the content servers themselves and
> take ALL
> the traffic...sweeeet.
Thanks for that write up! We've seen a couple of instances of these
layer-2 tricks on our network, stemming from the laptops of Asian grad
students (the laptops were compromised). What you described is what
we've really been worrying about, seeing these same tricks on server
networks and I'm slightly more nervous now that it is actually
happening.
Here's a tool I ran across while I was investigating one of those
incidents:
ZXARPS: http://www.teamfurry.com/wordpress/2007/08/29/zxarps/
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the nsp-security
mailing list