[2814] in bugtraq
Re: RARP attack?
daemon@ATHENA.MIT.EDU (Pete Ashdown)
Tue Jun 25 18:01:25 1996
Date: Tue, 25 Jun 1996 11:18:29 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Pete Ashdown <pashdown@xmission.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
>> It looks as if someone broke into one of these other machines, then started
>> sending out bogus RARP packets. I had been experiencing a weird packet loss
>> that I couldn't track down for the past few weeks, but today and yesterday
>> several of our Suns were not reachable at all from the provider's Cisco.
>
>Have you captured one of those packets?
No. I'd like some advice on how to do this with a Cisco though.
>You could redirect traffic between two hosts by stomping over an
>existing ARP cache entry. Just send an ARP request from your host,
>with the sender IP address being that of the entry you want to override,
>and the target host will start sending IP packets destined to that
>host to your MAC address.
I didn't capture the MAC address (terminal with no scrollback :-( ), so I'm
not sure if it pointed to any particular machine on the local ethernet.
