Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
Network Security
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: dsniff

  • From: Russ Gillis
  • Date: Mon Jun 26 18:10:35 2000 
I have no experience with dsniff, but on the surface it would seem that
switching is still the answer - layer 3 switching i.e. routing. If the
resources are in a different subnet than the end-users, then packets would
have to go through a default gateway to get to the host. The workstations
will be arping for the default gateway and not the host.

If there are a lot resource servers in the same subnet, then static arp
table entries could be used, but it wouldn't be pretty administering all
those entries.

Russ Gillis

- ----- Original Message -----
From: "Paul Howell" <grue@merit.edu>
To: <netsec@merit.edu>
Sent: Monday, June 26, 2000 11:46 AM
Subject: FWD: dsniff


>
> Hi,
>
> This topic came up on the sans unisog list and seems appropriate to ask
> this group about.
>
> < paul
>
> ------- Forwarded Message
>
> Date: Mon, 26 Jun 2000 07:07:16 -0400
> From: Jorj Bauer <jorj@seas.upenn.edu>
> To: unisog@sans.org
> Subject: dsniff
> Message-ID: <20000626070715.A8764@blue.seas.upenn.edu>
> Mime-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> X-Mailer: Mutt 1.0i
> Sender: owner-unisog@sans.org
> Precedence: bulk
>
> At this years' Usenix technical conference (last week), the author of the
> dsniff package presented his work (along with an incredible list of
> passwords that he had snarfed off of the wireless network there). I won't
> bore anyone with details (which you can get, if memory serves, from
> www.monkey.org/~dugsong/dsniff) -- the short of it is he has a program to
> forge arp replies which basically means that switches are once again hubs
> for sniffing purposes. I'm just wondering who (else) on this list is
> relying on switch-based security for legacy protocols, and if so, what
> potential solutions you're thinking of.
>
> In my case, we're stepping up plans to remove legacy protocols (such as
> telnet and ftp) from the network entirely. A very daunting task, to say
> the least, but at least we had been discussing it before this arose.
>
> - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- -=-=-
> Jorj Bauer                                  |       jorj@seas.upenn.edu
> Systems Programmer / Network Specialist     |         200 S. 33rd St.
> School of Engineering and Applied Science   |    Moore Building, Room 164
> University of Pennsylvania                  |     Philadelphia, PA 19104
> http://binky.seas.upenn.edu/~jorj           | O: 215/898-0575 F:
215/898-1195
> - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
- -=-=-
>
>
> ------- End of Forwarded Message
>
>


Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.