| Author |
Every man is just in his own eyes |
cis_slayer
Member
Posts: 225
Location:
Joined: 23.10.06
Rank: Hacker Level 2 |
|
[Background]
I went to visit a friend at our states Technical College, and found it would be a good time to mess with some network sniffers and such. (since i never really got around to creating a simulation on my network) In about 3 hours i got so many passwords and PI that i just stopped.
[Decision]
I found that i should try to fix the problem, and since i wasn't a student or a registered visitor i shouldn't say anything personally. I Logged on the myspace of the people i found and left them messages explaining the situation and that some Network Admins should be notified.
[Question]
Can this attack (ARP Poisoning) be prevented Easily and would you have acted differently in this situation and why? |
|
| Author |
RE: Every man is just in his own eyes |
ranma
Member
Posts: 269
Location: Behind a sphere
Joined: 27.08.05
Rank: HBH Guru |
|
Sounds like a topic for an essay 
Wisdom spared is wisdom squared. |
|
|
| Author |
RE: Every man is just in his own eyes |
stealth-
Member
Posts: 998
Location: Eh?
Joined: 10.04.09
Rank: God |
|
Im not sure how easy it is to prevent this, but being myself I probably would have left it all alone. It's not really my problem, and I would be too busy being amazed about how easy it was to do that. I definately say its a bad idea to report it to the administrators, as I've heard people report problems and get sue'd over it, because their computer contained information regarding the intrusion, they technically admitted to breaking the law.
The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Edited by stealth- on 28-06-09 07:14 |
|
| Author |
RE: Every man is just in his own eyes |
cis_slayer
Member
Posts: 225
Location:
Joined: 23.10.06
Rank: Hacker Level 2 |
|
|
indeed man, thats why i said nothing face to face and left it to the people who did get compromised to say something to the tech guys. |
|
|
| Author |
RE: Every man is just in his own eyes |
Cracker_Jax
Member
Posts: 155
Location: США
Joined: 11.12.07
Rank: Elite |
|
Well as far as it being preventable, in the ARP poisoning sense, yes, all you would have to do is configure a static address...
Example:
arp -s GateWayIP GateWayMac
This could put a damper on someone pulling an arp mitm, but this means that everyone that connected to the network would have to configure this themselves, I doubt it would be make any difference, and there's more than one way mitm attacks are conducted, and ways they could prevented.
If it was me and i wanted to make people take notice... i would have started dns spoofing and took everyone to a my own special web page.
Edited by Cracker_Jax on 29-06-09 03:45 |
|
|
| Author |
RE: Every man is just in his own eyes |
Skunkfoot
Member
Posts: 672
Location:
Joined: 01.09.06
Rank: God |
|
They probably can't use static IP's since it's a college network and not a personal one. He said he got 300+ passwords. I mean it's not impossible to do, but it would be a bitch, and it's not something the college is likely to do.
Today a young man on acid realized that all matter is merely energy condensed to a slow vibration, that we are all one consciousness experiencing itself subjectively, that there is no such thing as death, life is only a dream, and we are the imaginations of ourselves.
--Bill Hicks
--=[ Skunkfoot || Temet Nosce ]=--
|
|
| Author |
RE: Every man is just in his own eyes |
S1L3NTKn1GhT
Member
Posts: 468
Location: XXXX
Joined: 03.06.06
Rank: God
Warn Level: 10
|
|
I known through experience that schools are harsh on intrusions because of the confidentiality policy of there students info .
root@wtf.org#su - dumbass
Dude you're AWESOME!
-SystemMeltdown(MSN)
|
|
|
| Author |
RE: Every man is just in his own eyes |
ranma
Member
Posts: 269
Location: Behind a sphere
Joined: 27.08.05
Rank: HBH Guru |
|
|
S1L3NTKn1GhT wrote:
I known through experience that schools are harsh on intrusions because of the confidentiality policy of there students info .
Which is extremely messed up b/c my school system has a website and my school has one too. My school uses our last name and our student ID (which should be private) to log us in to see our grades. However, my school system website can be made to give you other people's IDs. xD
Wisdom spared is wisdom squared. |
|
|
Main:
