[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
Robert Moskowitz
rgm at icsalabs.com
Mon Feb 28 15:50:43 CST 2005
At 04:28 PM 2/26/2005, Michael Todd wrote:
>It is trivial with arp cache poisoning. Please don't think that this can't
>be done in the "wild." See dsniff and vomit for tool information. I've
>done it plenty of times in the lab. No hub or SPAN port required :).
Until we get device identity (new PAR in 802.1) and DHCP implement it or
IPv6 neighbor discovery, there is no defense against ARP poisoning. There
IS a heuristic that Cisco uses, but then the customer has to design their
network as Cisco wants them to.
I have done ARP poisoning on switches. So have colleagues at major switch
vendors.
Has anyone used DSNIFF with NETSPY? Even with SSL, the user just clicks
through the 'unknown cert' warning and you have your SSL MITM.
Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of Cybertrust, Inc.
W: 248-968-9809
F: 248-968-2824
E: rgm at icsalabs.com
There's no limit to what can be accomplished
if it doesn't matter who gets the credit