D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] re homeplugs - VIP

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin Cornelius wrote:
> On Fri, Aug 22, 2008 at 2:11 PM, kevin <kevin.lucas@xxxxxxxxxxxxxxxxxx> wrote:
> 

>> I just use the mac address filter
>> so only hardware I know about can  get on!
> 
> Maybe you would like me to demonstrate an ARP Spoof attack where i
> redirect all your traffic through my laptop and sniff your passwords
> and watch what websites you are visiting in real time. This is very
> very easy.

Thinking about things a little further it seems that ethernet over power
wiring emulates unswitched ethernet. Which makes packet snooping trivial.

> And as i can see packets wining around the network i can get your mac
> addresses and its trival on some hardware to change the mac address

It's trivial on just about any hardware you are likely to be able to
find. Linux and Windows ethernet bridging code relys on being able to do
this as does DECNET support. It is also possible for certain uses of
multicast IP to use a multicast MAC as both source and destination.
If you look at the Linux network drivers you will typically find that
the MAC address is first retrieved from the NIC then stored in either
RAM or a register of a controller chip.

> anyway so i can just spoof your one and bang i'm in your network.

Slightly more complex than that in that you need to ensure that the
"victim" machine dosn't see the correct response to it's ARP request.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIsF15soRLMhsZpFcRArsIAJ42Y6FP/8MD9xsTrYhrWtAc3kjSOwCfeww4
9qi4sRKh3PTBLUZeUgN04bE=
=ODr6
-----END PGP SIGNATURE-----

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html