Hi,

I have an assignment to complete and it is implementing the Man-in-middle attack.

I have a Linksys access-point and two machines with orinoco card.
one of them is Associated to the AP. Is it possible to implement the attack using ettercap ?
the wireless card that I am using the orinoco 802.11b.


This is purely an academic assignment.

MRG.

I understand that if you run ettercap with ARP cache poisoning or packet forging, I believe that would be your man in the middle attack.

Sniff away

Yes, you can use ettercap for a man in the middle attack.

Search google for "man in the middle attack" and "ettercap man in the middle attack".

Also, RTFM on ettercap (http://ettercap.sourceforge.net/index.php?s=download) and the other programs you might use (hunt (http://lin.fsid.cvut.cz/~kra/index.html#HUNT) , Achilles (http://www.mavensecurity.com/achilles) )

Have phun and do some searches on it. There is MUCH out there already.

arp posoining is risky so be careful if you do it. do not do it if you are a newbie unless you have done extenisive research....

I have an assignment to complete and it is implementing the Man-in-middle attack.

Really? An assignment to complete a man-in-the-middle attack? Where in blue blazes do you go to school?

Actually, these kinds of assignments are getting really common. My friends at purdue are always talking about these classes that teach all kinds of malicious stuff. Even at my school, upper classmen are doing all kinds of that crap. At least for net security.

arp poisoning is dangerous?

and you say this... why? i know i wouldn't want to be responsible for the death of an innocent arp but if its a planned test im sure it's not going to disrupt or compromise a working network.

Your address is spoofed to the targets in a man in the middle attack, so its not extremely dangerous. But be careful when you run ettercap, i have found that a couple of times Ive used it, it killed the remote connections when I was shutting down the que.

Another good tool to use is, Dsniff (http://monkey.org/~dugsong/dsniff/), sniffs traffic and strictly grabs passwords. Ettercap does this also but I think dsniff works much better.

Hi,

First it's an assignment. Second the lab that I wok in is isolated from the university's network. So it's not affecting others at any point of time.

Lets see next year A+ software and hardware are done and what do I get in return. Hacking and Basic Programming.

Looks like its pretty common.

My friend Pete goes to school and he's doing a report on OS FingerPrinting and how hacker's do it so well to use to their hack's on PC's. I found it interesting and asked him about it and he said he had alot of project's similiar to that as they have taken an AO approach to it.

Hacker's Know The Weaknesses In Your System, Shouldn't You?

Hi,

Now this is really basic thing, a little risky but gud for you to try.

You might as well want to try something really tricky, arrange Radius authentication and while its taking place .. try doing the same.

Think over it, Cisco case out with this issue, recelty in one of its major wireless authentication ( LEAP ) ;-) , now this will really be somthing big , that u might want to try to move ahead of ur collagues.. remember the key is u start thinking were other stop.

regards,
Raja

A+ doesn't teach you a thing about hacking. You won't even know arp or the other protcol stuff.

You will rather be familiar with the hardware drivers

Did you know you can actually take the CEH tests and become a Certified Ethical Hacker? I find that hilarious. The study text goes step by step through common things such as Spoof-SYN attacks (Man in the Middle).

Gee Boy, I would love to be a "certified" hacker....and an ethical one to boot.