Redirecting Traffic
However, forged ARP requests present a way to illicitly redirect, and therefore monitor, other hosts' traffic.
A forged packet sent to the switch with the target's MAC and IP
address as the source will cause the switch to update its internal maps,
redirecting data intended for the victim to the network sniffer's port. A
NIC in promiscuous mode would therefore be able to monitor the
traffic, and if the local network configuration were modified, the
scanning host could be configured to accept and process the traffic
directly.
Since traffic to any host could (at least temporarily) be usurped, an
upstream gateway could be hoaxed, causing even more traffic to be
redirected.
Many existing tools utilize this technique to compromise switch
security, including:
• dsniff.
• hunt.
• arptool.
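The redirection described above can be seen from the defender's side. This added example is not part of the original page: it parses raw ARP frames and flags a MAC address that changes switch port, an IP address that changes MAC, and a frame whose Ethernet source disagrees with its ARP sender field. The ports, addresses and frames are constructed sample data, and the function names are hypothetical.

```python
import struct
from ipaddress import IPv4Address

ETH_ARP = 0x0806

def parse_arp(frame):
    """Return (eth_src, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[6:12].hex(":"), frame[22:28].hex(":"), str(IPv4Address(frame[28:32]))

def detect(observations):
    """observations: iterable of (ingress_port, raw_frame); returns alert strings."""
    mac_port, ip_mac, alerts = {}, {}, []
    for port, frame in observations:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        eth_src, sha, spa = parsed
        if eth_src != sha:  # Ethernet header and ARP payload disagree
            alerts.append(f"mismatch: frame from {eth_src} claims sender {sha}")
        if mac_port.setdefault(eth_src, port) != port:  # MAC moved to another port
            alerts.append(f"mac-move: {eth_src} port {mac_port[eth_src]} -> {port}")
            mac_port[eth_src] = port
        if ip_mac.setdefault(spa, sha) != sha:  # IP now claimed by another MAC
            alerts.append(f"ip-rebind: {spa} {ip_mac[spa]} -> {sha}")
            ip_mac[spa] = sha
    return alerts

def build(eth_src, sha, spa, oper=2):
    """Constructed sample frame: broadcast destination, zeroed target fields."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (b"\xff" * 6 + h(eth_src) + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, oper)
            + h(sha) + IPv4Address(spa).packed + bytes(10))

# Constructed sample data (hypothetical ports, locally administered MACs, TEST-NET-1 IPs).
VICTIM, GATEWAY, OTHER = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE = [
    (3, build(VICTIM, VICTIM, "192.0.2.10")),   # baseline: victim on port 3
    (1, build(GATEWAY, GATEWAY, "192.0.2.1")),  # baseline: gateway on port 1
    (7, build(VICTIM, VICTIM, "192.0.2.10")),   # victim's MAC/IP now sourced from port 7
    (7, build(OTHER, OTHER, "192.0.2.1")),      # gateway IP claimed by a different MAC
]

if __name__ == "__main__":
    print("\n".join(detect(SAMPLE)))
```

A host that is legitimately moved to another port also raises the mac-move alert, so in practice these alerts are correlated with known moves before being acted on.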
UNC Share Risk
Referring again to L0pht Crack's password sniffing ability, to overcome the nature of a switched network without attacking the switch, an email
could be engineered with a URL within it pointing to a UNC on
the machine running the sniffer. Should a target user click on the link,
their username and password hashes would be passed directly to the
sniffing host in an attempt to access the resource, and L0pht Crack
would therefore be able to capture and crack the accompanying
password. Although this requires interaction from the targeted user, the
link could be disguised and made sufficiently enticing to ensure a fairly
high success rate in engineering user response.