Date: Tue, 19 Dec 2000 22:15:18 -0600 (CST) From: David Talkington <dtalk@prairienet.org> To: Chuck Rock <carock@epconline.net> Cc: <security@FreeBSD.ORG>, <questions@FreeBSD.ORG> Subject: RE: What anti-sniffer measures do i have? Message-ID: <Pine.LNX.4.30.0012192209100.2606-100000@sherman.spotnet.org> In-Reply-To: <009001c06a0a$b2163170$1805010a@epconline.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Chuck Rock wrote: >I believe most switches are Layer 2 which is MAC based. You would have to >know the MAC address of the computer you want to intercept traffic for, and >then your switch would have to give you the packets instead of erroring out >and or dropping the packets because you can't have two of the same MAC >addresses on the network. > >Has anyone actually gotten another's information spoofing MAC addresses? >I don't see how this could work. Play around with dsniff. On my test network at home, with two workstations (A and B) and a gateway router (C) on a 10/100 switch, I've been able to convince A that B was its router, and view A's traffic before sending it on to C. A putters away, and never even knows B is there. It's kinda scary. Far as I know, hard-coding an arp table is the only way to prevent that sort of thing ... someone please correct me if I'm wrong? -d To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.30.0012192209100.2606-100000>