[networking] APR/ARP poisoning

[god]

ARP stands for: Address Resolution Protocol
its also known as ARP SPOOFING....
It's done by sending fake messages to an ethernet LAN, these malformed requests confuse local switches and routers and stuff, making them forward all traffic to a specified mac address (the one of the attacker) or an unreachable or unexisting one.
It can be used to Sniff data off a network (you forward the traffic to your pc and then ur pc analyses it for passwords,conversations,all kinds of data... and then your pc you reroute it to its destination) and to do Denial Of Service (DoS) attacks.....
Anyone has any experience with ARP sniffing? I like messin around with it i used to know a lot about it (by analyzing the data sent by CAIN AND ABEL when i enable sniffing, to know what the sent packets contain) and try stuff with vb's winsock..........

[Dazlingo]

lol nice
Cain&Abel/Ethreal is a good combination
ARP poisoning IS pretty deadly if used correctly

[xcoder]

Let me try to get it,
let's say i made a soft in vb using winsock to connect to that router
then i send fake messages to drag the packets to my system then rout it back to the destination?
is it like adding another router which is your pc?

[lebanese_a]

The latest version is faster and contains a lot of new features like APR (Arp Poison Routing) which enables sniffing on switched LANs and Man-in-the-Middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and contains filters to capture credentials from a wide range of authentication mechanisms. The new version also ships routing protocols authentication monitors and routes extractors, dictionary and brute-force crackers for all common hashing algorithms and for several specific authentications, password/hash calculators, cryptanalysis attacks, password decoders and some not so common utilities related to network and system security

http://www.oxid.it/cain.html

==================

How good can it do that, I buy stuff from the net with my visa!? so can they get the number using this??? Should I get a Modem connection to buy stuff mine hala2 w rayi7???

w btw: where do you live ya god??? <the emoticon depends on where you live

[god]

hahahaa Yep nowhere is safe anymore unless its SSH (not even safe at all :P) i live somewhere near zalka and xcoder, yep hek chi

[Lebanese_rebel]

wuuuuuuuuuuut ZALKA???
thats where i live dude....You and xcoder are my neighbors it seems
Which cable provider do u use???(to see if theres any need to switch mine lol)
Ive been readin some dangerous stuff u do !!

[god]

actually its biakout :P (bye2out), w chou dangerous :P ? elaborate.. :P
andd ta ydal el thread bel subject, anybody ever got caught sniffing and contacted by his local ISP ?

[Dazlingo]

the only way it's able to sniff HTTPS/SSH session it's because it intercepts the certificates and act as a man in the middle.
anyway, ARP Spoofing can be easily detected. We had this problem before and now we have dedicated machines running to detect anyone trying to poison ARP

[Iceberg]

Not wanting to correct anyone but there's a way to go totally undetected by today's sniffers/poisons/tracers/whatever.. Using SSH with a custom script made using RSA 1024bits. I wrote one I have it somewhere, it can also be found on the web.

[lebanese_a]

Quote:

Originally Posted by Dazlingo

the only way it's able to sniff HTTPS/SSH session it's because it intercepts the certificates and act as a man in the middle.
anyway, ARP Spoofing can be easily detected. We had this problem before and now we have dedicated machines running to detect anyone trying to poison ARP

I saw those kind of machine in an ad in the cain and abel site, I visited the site ands the machine costs 300$, It's not much for a local ISP with many connection but how many will buy it?? Uno do all of them care if people can see the custumers private stuff??
w ba3dena, I am sure some of them steel there client stuff so... ma ba3rif that's the problem with internet in Lebanon, uno you have to trust the guy, W i don't know how much people are trust worthy.