BugTraq
Re: IP SmartSpoofing : How to bypass all IP filters relying on source IP address Oct 31 2002 07:44PM
Ossian Vitek (ian Vitek ixsecurity com)


The only new thing is that the attacker relays the packets from the trusted
client.
This is not needed for the spoof.
The solution in the Defcon 8 presentation is far easier.
You do not need to arpspoof and NAT.
* Spoof trusted client on the same LAN:
Just take the MAC and IP of the trusted host.
* Spoof an upstream trusted client:
Just take the MAC of the upstream router and the IP of the
trusted client.

Defcon 8:
http://www.defcon.org/html/defcon-8/defcon-8-post.html
Read "Full Connection Vanilla IP-Spoof" in the presentation at:
http://www.wittys.com/files/defcon_vitek.ppt

All responses containing:
1: "But on a switched environment ..."
2: "But if you take same MAC as the ..."
will be redirected to /dev/null

//Ian Vitek, iXsecurity
mailto:ian.vitek (at) ixsecurity (dot) com [email concealed]

Hi,

In an article available at
http://www.althes.fr/ressources/avis/smartspoofing.htm, we describe a new
technique for spoofing an IP address using ARP cache poisoning and network
address translation. IP smart spoofing allows one to run any application with a
spoofed IP address and thus bypass many access controls based on source IP
address. As a result, we will explain why IP-based access control is not
reliable on firewalls, routers or applications.

Regards,

Laurent Licour (llicour (at) althes (dot) fr [email concealed]) & Vincent Royer (vroyer (at) althes (dot) fr [email concealed])
http://www.althes.fr

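As an added example (not code from either poster or from the Althes article), here is a small arpwatch-style checker that shows what a LAN monitor can see of the two variants Ian Vitek describes. It reads constructed ARP-reply records against an assumed baseline of IP-to-MAC bindings and flags a trusted IP answered by a different MAC (ARP poisoning, or the "MAC of the upstream router" variant) and a MAC that suddenly claims an additional IP; all addresses and the baseline are constructed values.

```python
# Added example: ARP-observation checker in the spirit of arpwatch.
# Flags the ARP-visible spoofing patterns discussed in the thread.
from collections import defaultdict

# Constructed baseline of known-good bindings for a small LAN (assumed values).
KNOWN = {
    "192.0.2.1": "00:00:5e:00:53:01",   # upstream router
    "192.0.2.10": "00:00:5e:00:53:10",  # trusted client
    "192.0.2.20": "00:00:5e:00:53:20",  # another host
}

# Constructed sample of ARP replies as (sender_ip, sender_mac) seen on the wire.
SAMPLE_REPLIES = [
    ("192.0.2.10", "00:00:5e:00:53:10"),  # normal
    ("192.0.2.20", "00:00:5e:00:53:20"),  # normal
    ("192.0.2.10", "00:00:5e:00:53:aa"),  # trusted IP answered by an unknown MAC
    ("192.0.2.10", "00:00:5e:00:53:01"),  # trusted IP claimed by the router's MAC
]


def check_arp_replies(replies, known):
    """Return a list of (kind, ip, mac) alerts for suspicious ARP replies."""
    alerts = []
    ips_by_mac = defaultdict(set)
    for ip, mac in known.items():
        ips_by_mac[mac].add(ip)
    for ip, mac in replies:
        mac = mac.lower()
        expected = known.get(ip)
        if expected is not None and mac != expected:
            # A trusted IP is being answered by a MAC other than its known one:
            # classic ARP cache poisoning, or the "take the MAC of the upstream
            # router and the IP of the trusted client" variant.
            alerts.append(("ip-mac-changed", ip, mac))
        if ips_by_mac[mac] and ip not in ips_by_mac[mac]:
            # A MAC already bound to another IP now also claims this one.
            # (Multi-homed hosts and proxy ARP need whitelisting here.)
            alerts.append(("mac-claims-extra-ip", ip, mac))
        ips_by_mac[mac].add(ip)
    return alerts


if __name__ == "__main__":
    for alert in check_arp_replies(SAMPLE_REPLIES, KNOWN):
        print(alert)
```

The first variant in the post (cloning both the MAC and the IP of the trusted host on the same LAN) produces no ARP anomaly at all, which is exactly why the thread concludes that source-IP filtering is not a reliable control; a switch-port or 802.1X binding is needed to notice that case.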