Follow us on Twitter!
Ideas are far more powerful than guns.
Thursday, April 17, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 23
Guests Online: 21
Members Online: 2

Registered Members: 82822
Newest Member: TheBunter
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

Every man is just in his own eyes


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-06-09 02:39
[Background]
I went to visit a friend at our states Technical College, and found it would be a good time to mess with some network sniffers and such. (since i never really got around to creating a simulation on my network) In about 3 hours i got so many passwords and PI that i just stopped.

[Decision]
I found that i should try to fix the problem, and since i wasn't a student or a registered visitor i shouldn't say anything personally. I Logged on the myspace of the people i found and left them messages explaining the situation and that some Network Admins should be notified.

[Question]
Can this attack (ARP Poisoning) be prevented Easily and would you have acted differently in this situation and why?
Author

RE: Every man is just in his own eyes

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 28-06-09 05:29
Sounds like a topic for an essay Pfft


Wisdom spared is wisdom squared.
Author

RE: Every man is just in his own eyes

stealth-
Member



Posts: 1003
Location: Eh?
Joined: 10.04.09
Rank:
Mad User
Posted on 28-06-09 07:14
Im not sure how easy it is to prevent this, but being myself I probably would have left it all alone. It's not really my problem, and I would be too busy being amazed about how easy it was to do that. I definately say its a bad idea to report it to the administrators, as I've heard people report problems and get sue'd over it, because their computer contained information regarding the intrusion, they technically admitted to breaking the law.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealt. . .

Edited by stealth- on 28-06-09 07:14
http://www.stealth-x.com
Author

RE: Every man is just in his own eyes


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 28-06-09 14:07
indeed man, thats why i said nothing face to face and left it to the people who did get compromised to say something to the tech guys.
Author

RE: Every man is just in his own eyes


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 03:37
Well as far as it being preventable, in the ARP poisoning sense, yes, all you would have to do is configure a static address...

Code
Example:
arp -s GateWayIP  GateWayMac




This could put a damper on someone pulling an arp mitm, but this means that everyone that connected to the network would have to configure this themselves, I doubt it would be make any difference, and there's more than one way mitm attacks are conducted, and ways they could prevented.

If it was me and i wanted to make people take notice... i would have started dns spoofing and took everyone to a my own special web page.





Edited by on 29-06-09 03:45
Author

RE: Every man is just in his own eyes


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 08:37
They probably can't use static IP's since it's a college network and not a personal one. He said he got 300+ passwords. I mean it's not impossible to do, but it would be a bitch, and it's not something the college is likely to do.


Author

RE: Every man is just in his own eyes


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 29-06-09 16:49
I known through experience that schools are harsh on intrusions because of the confidentiality policy of there students info .




Author

RE: Every man is just in his own eyes

ranma
Member



Posts: 273
Location: Behind a sphere
Joined: 27.08.05
Rank:
Active User
Posted on 29-06-09 17:48
S1L3NTKn1GhT wrote:
I known through experience that schools are harsh on intrusions because of the confidentiality policy of there students info .



Which is extremely messed up b/c my school system has a website and my school has one too. My school uses our last name and our student ID (which should be private) to log us in to see our grades. However, my school system website can be made to give you other people's IDs. xD


Wisdom spared is wisdom squared.