From: David Talkington
To: Chuck Rock
Date: Tue, 19 Dec 2000 22:15:18 -0600 (CST)
Subject: RE: What anti-sniffer measures do i have?
In-Reply-To: <009001c06a0a$b2163170$1805010a@epconline.net>
Sender: owner-freebsd-questions@FreeBSD.ORG

Chuck Rock wrote:

>I believe most switches are Layer 2 which is MAC based. You would have to
>know the MAC address of the computer you want to intercept traffic for, and
>then your switch would have to give you the packets instead of erroring out
>and/or dropping the packets because you can't have two of the same MAC
>addresses on the network.
>
>Has anyone actually gotten another's information spoofing MAC addresses?
>I don't see how this could work.

Play around with dsniff. On my test network at home, with two
workstations (A and B) and a gateway router (C) on a 10/100 switch, I've
been able to convince A that B was its router, and view A's traffic
before sending it on to C. A putters away, and never even knows B is
there. It's kinda scary.

Far as I know, hard-coding an arp table is the only way to prevent that
sort of thing ... someone please correct me if I'm wrong?

-d
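
The check below is an added example, not part of the original message or of any tool it names. It reads an ARP cache in the layout printed by `arp -an` and flags the state workstation A would be in during the redirection described above: the router's IP resolving to another host's MAC. The `IP=MAC` pin arguments, the function names, and the sample addresses are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads ARP-cache text in the
# layout printed by `arp -an`:  ? (IP) at MAC on IFACE ...
# and reports two symptoms of a host posing as the gateway:
#   MISMATCH  - a pinned IP (e.g. the gateway) resolves to an unexpected MAC
#   DUPLICATE - one MAC answers for several IPs (also seen with IP aliases
#               or proxy ARP, so treat it as a lead, not proof)
# Pins are passed as IP=MAC arguments; that format is an assumption here.
check_arp() {
    awk -v pins="$*" '
    BEGIN {
        n = split(tolower(pins), p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); pin[kv[1]] = kv[2] }
    }
    $3 == "at" {
        ip = $2; gsub(/[()]/, "", ip)
        mac = tolower($4)
        # Skip "(incomplete)" entries and the broadcast address.
        if (mac !~ /^[0-9a-f:]+$/ || mac == "ff:ff:ff:ff:ff:ff") next
        if ((ip in pin) && pin[ip] != mac) {
            printf "MISMATCH %s expected %s got %s\n", ip, pin[ip], mac; bad = 1
        }
        if ((mac in owner) && owner[mac] != ip) {
            printf "DUPLICATE %s claimed by %s and %s\n", mac, owner[mac], ip; bad = 1
        } else owner[mac] = ip
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample: A's cache while B (MAC ends :0b) poses as router C.
sample_poisoned() {
    cat <<'EOF'
? (192.0.2.1) at 02:00:00:00:00:0b on fxp0 [ethernet]
? (192.0.2.3) at 02:00:00:00:00:0b on fxp0 [ethernet]
? (192.0.2.9) at (incomplete) on fxp0 [ethernet]
EOF
}

# Constructed sample: the same cache with the router's real MAC (ends :0c).
sample_clean() {
    cat <<'EOF'
? (192.0.2.1) at 02:00:00:00:00:0c on fxp0 [ethernet]
? (192.0.2.3) at 02:00:00:00:00:0b on fxp0 [ethernet]
EOF
}

# Demo on the constructed data; on a live host: arp -an | check_arp IP=MAC ...
sample_poisoned | check_arp "192.0.2.1=02:00:00:00:00:0c" || echo "ARP cache differs from pins"
```

The pinned pairs are the same ones a hard-coded table would hold; on FreeBSD a static entry is set with `arp -s hostname ether_addr`.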