August 17th, 2004, 10:51 AM
Certainly not.... because it isn't illegal if you own or have permission to do it on the network you are attempting it on. Now, of course, if you were to start talking in specific terms about a network that you don't have authority to do this kind of thing on then, yes, you might receive a little "flak". So I guess it's all a matter of how you word it....
Errrrr guys, would we get flame for participating in this discussion of doing these illegal stuff?
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
August 17th, 2004, 12:26 PM
This site is for security-minded people, and as we all know the thin line between these two possible worlds ( legal - illegal ) is a matter of moral, i guess.
The reason we share this is to educate, help (call it what you want) and to test or use it in safe or trusted environments. If some ass uses these techniques in real-life big networks, he's even a bigger ass than i thought.
I do test too, I do want to learn all about security, I try to learn to hack too, but for me this stays inside my lan. What others do is their problem.
August 17th, 2004, 01:38 PM
How is it illegal? The guy is doing it on his own network to understand how it works.
August 17th, 2004, 04:16 PM
Re: Re: Re: The Basics of Arpspoofing/Arppoisoning
This is perhaps why so many tutorial writers here opt to develop tutorials based on how to break (which isn't necessarily security). To my mind it isn't really a security tutorial until you show a person how to stop it from being attacked/broken in this manner. You could at least amend your current tutorial and discuss how to secure it against MITM attacks. I'll give ya a big hint on where to start: All major OSes have built-in capability that would render ARP poisoning/MITM attacks useless.
Originally posted here by Irongeek
I would be interested in writing such a tutorial, but doubt I have the resources to do it justice. I Know of a few ways ARP spoofing can be used for DoS, (like spoofing the gateway and turning off packet forwarding, or assuming the MAC address of an antenna in an Axon system) and I have ideas for possible solutions, but I don’t have the privileges on my network to really test them to make sure they the fixes work.
The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
\"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
Is your whole family retarded, or did they just catch it from you?
August 17th, 2004, 04:22 PM
Well, I could think of using static arp tables, but that would be a bitch to maintain in a decent sized network. You could do in between certain critical boxes however. Using Arpwatch is also hand for spotting when this kind of shenanigans is going on.
August 18th, 2004, 07:33 AM
If you have a decent programmable switch, you could set up rules so a certain port on the switch only allows packets of a certain MAC adress. If you don't often move computers on your network, I think this could be a protection against mitma. It requires some bookkeeping of the port-MAC adress tables, but like I said, if you don't move your clients too much, it not a big deal. If you want to do mitma you would have to hack the switch.
There are 10 kinds of people, those who can read binary, and those who can\'t.