[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] info on ip spoofing please

DNS cache poisoning ?? - Hmm! I'd like to hear more on this. Would you please elaborate for me. 
Thanks.
Ian t



From: "Brian Eaton" <eaton.lists@xxxxxxxxx>
To: "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] info on ip spoofing please
Date: Tue, 11 Apr 2006 16:31:26 -0400
MIME-Version: 1.0
Received: from lists.grok.org.uk ([195.184.125.51]) by bay0-pamc1-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 11 Apr 2006 13:32:35 -0700 Received: from lists.grok.org.uk (localhost [127.0.0.1])by lists.grok.org.uk (Postfix) with ESMTP id 64AF66A4;Tue, 11 Apr 2006 21:31:50 +0100 (BST) Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.172])by lists.grok.org.uk (Postfix) with ESMTP id 0F48B362for <full-disclosure@xxxxxxxxxxxxxxxxx>;Tue, 11 Apr 2006 21:31:26 +0100 (BST) Received: by uproxy.gmail.com with SMTP id m3so837107ugcfor <full-disclosure@xxxxxxxxxxxxxxxxx>;Tue, 11 Apr 2006 13:31:26 -0700 (PDT) Received: by 10.78.17.4 with SMTP id 4mr193068huq;Tue, 11 Apr 2006 13:31:26 -0700 (PDT) 
Received: by 10.78.24.11 with HTTP; Tue, 11 Apr 2006 13:31:26 -0700 (PDT)
X-Message-Info: JGTYoYF78jG7jILEeCsdT2hBmxQ+cyZzs3iEPQ9BL1A=
X-Original-To: full-disclosure@xxxxxxxxxxxxxxxxx
Delivered-To: full-disclosure@xxxxxxxxxxxxxxxxx
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com;h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;b=jLxxCF2Ny+g2QvgDx3cNLXfkbYACVEfFdAKlEcSUUVSOJc1H6n+U5FMGYjaF6j53wpeBPV1k2Nsi1n0VEIas8wOGK7PkF2Ln9kbuj8igND3BF7wyw/w8MhE7jVCldcpr3P00hsJ7z0w18+15fd+bhtUxoYC2BTSutt3ypxyOd44= References: <BAY112-F8AAC63A6AF32C102B39D099CD0@xxxxxxx><443C0973.4090702@xxxxxxxxxxx> 
X-BeenThere: full-disclosure@xxxxxxxxxxxxxxxxx
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: An unmoderated mailing list for the discussion of security issues<full-disclosure.lists.grok.org.uk> List-Unsubscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=unsubscribe> 
List-Archive: <http://lists.grok.org.uk/pipermail/full-disclosure>
List-Post: <mailto:full-disclosure@xxxxxxxxxxxxxxxxx>
List-Help: <mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=help>
List-Subscribe: <https://lists.grok.org.uk/mailman/listinfo/full-disclosure>, <mailto:full-disclosure-request@xxxxxxxxxxxxxxxxx?subject=subscribe> 
Errors-To: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
Return-Path: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
X-OriginalArrivalTime: 11 Apr 2006 20:32:35.0566 (UTC) FILETIME=[112C10E0:01C65DA7] 

On 4/11/06, Michael Holstein <michael.holstein@xxxxxxxxxxx> wrote:
> You can't (passively anyway) sniff packets from a host in another VLAN
> without some special trickery.
I'd love to hear some examples of this having been done, actively or passively. 

The only avenue for an active attack that occurs to me is DNS cache
poisoning.  I'm sure there are others.

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_________________________________________________________________
Are you using the latest version of MSN Messenger? Download MSN Messenger 7.5 today! http://join.msn.com/messenger/overview 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/