[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33

Christopher A. Martin chris at infravast.com
Mon Feb 28 20:17:32 CST 2005


Not only is dsniff capable, but combined with sebek the SSL may be
compromisable as well since we are a man in the middle...but this is a work
in progress...



Christopher A. Martin
P.O. Box 1264
Cedar Hill, Texas 75106
Chris at InfraVAST.com

> -----Original Message-----
> From: Voipsec-bounces at voipsa.org [mailto:Voipsec-bounces at voipsa.org] On
> Behalf Of Robert Moskowitz
> Sent: Monday, February 28, 2005 3:51 PM
> To: Michael Todd; Gerald Maguire
> Cc: Voipsec at voipsa.org
> Subject: Re: [VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
> 
> At 04:28 PM 2/26/2005, Michael Todd wrote:
> >It is trivial with arp cache poisoning. Please don't think that this can't
> >be done in the "wild." See dsniff and vomit for tool information. I've
> >done it plenty of times in the lab. No hub or SPAN port required :).
> 
> Until we get device identity (new PAR in 802.1) and DHCP implement it or
> IPv6 neighbor discovery, there is no defense against ARP poisoning.  There
> IS a heuristic that CISCO uses, but then the customer has to design their
> network as Cisco wants them to.
> 
> I have done ARP poisoning on switches.  So have colleagues at major switch
> vendors.
> 
> Has anyone used DSNIFF with NETSPY?  Even with SSL, the user just clicks
> through the 'unknown cert' warning and you have your SSL MITM.
> 
> 
> Robert Moskowitz
> Senior Technical Director
> ICSA Labs, a division of Cybertrust, Inc.
> W:      248-968-9809
> F:      248-968-2824
> E:      rgm at icsalabs.com
> 
> There's no limit to what can be accomplished
> if it doesn't matter who gets the credit
> 
> 
> 
> _______________________________________________
> Voipsec mailing list
> Voipsec at voipsa.org
> http://voipsa.org/mailman/listinfo/voipsec_voipsa.org
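
Added example, not part of the original thread: a passive check for the ARP cache poisoning discussed above, which watches ARP replies for an IP address changing MAC and for one MAC answering for several IPs. The log line format, addresses and the `detect` function are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies: "<epoch> <sender-ip> is-at <sender-mac>".
# .1 plays the gateway, .20 a phone, .66 the host that starts answering for both.
SAMPLE = """\
1109643400.0 192.168.1.1 is-at 00:0c:29:aa:aa:01
1109643401.0 192.168.1.20 is-at 00:0c:29:bb:bb:02
1109643402.0 192.168.1.66 is-at 00:0c:29:cc:cc:03
1109643460.0 192.168.1.1 is-at 00:0c:29:cc:cc:03
1109643461.0 192.168.1.20 is-at 00:0c:29:cc:cc:03
1109643470.0 192.168.1.1 is-at 00:0c:29:aa:aa:01
1109643471.0 192.168.1.1 is-at 00:0c:29:cc:cc:03
"""

LINE = re.compile(
    r"^\d+(?:\.\d+)? (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.I)

def detect(text, max_ips_per_mac=1):
    """Return alerts as (kind, ip, old_mac, new_mac) tuples, in input order."""
    current = {}                    # ip -> MAC most recently claimed
    seen = defaultdict(set)         # ip -> every MAC that ever claimed it
    claimed = defaultdict(set)      # mac -> every IP it has claimed
    alerts = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                # ignore lines that are not ARP replies
        ip, mac = m.group(1), m.group(2).lower()
        old = current.get(ip)
        if old is not None and old != mac:
            # A MAC returning to an IP it held before means two hosts are
            # contending for it; a first-time change may be a replaced NIC.
            kind = "contended" if mac in seen[ip] else "rebind"
            alerts.append((kind, ip, old, mac))
        if ip not in claimed[mac] and len(claimed[mac]) >= max_ips_per_mac:
            # One MAC answering for several IPs; routers doing proxy ARP
            # and multi-homed hosts need an allow-list.
            alerts.append(("multi-claim", ip, None, mac))
        current[ip] = mac
        seen[ip].add(mac)
        claimed[mac].add(ip)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The "contended" alerts are the stronger signal: the legitimate owner keeps answering while a second MAC keeps overwriting the binding.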




