[VOIPSEC] Re: Voipsec Digest, Vol 2, Issue 33
Michael Todd
michaeldtodd at mac.com
Sat Feb 26 15:28:43 CST 2005
It is trivial with ARP cache poisoning. Please don't think that this
can't be done in the "wild." See dsniff and vomit for tool information.
I've done it plenty of times in the lab. No hub or SPAN port required :).
Mike
Gerald Maguire wrote:
>Regarding
> Date: Fri, 25 Feb 2005 17:31:51 -0500
> From: "Brian Rosen" <br at brianrosen.net>
> Subject: RE: [VOIPSEC] Actual Attacks
> To: "'Mark Teicher'" <mht3 at earthlink.net>, <voipsec at voipsa.org>
> Message-ID: <mailman.2.1109398021.4428.voipsec_voipsa.org at voipsa.org>
> Content-Type: text/plain; charset="us-ascii"
>
> Are you aware of this actually happening, or is this all theoretic?
>
> I've never heard of actual incidents of any of this.
>
> The latter (eavesdropping) is actually the reverse; when we do testing, we
> have to go through all kinds of grief to allow the sniffers to get at the
> packets. Someone has to actually bring a hub (not a switch) so we can sniff
> the packets. You can, of course, run Ethereal on some of the actual
> devices. It's amazingly hard to sniff packets in a typical switched
> architecture. When we implement CALEA (legal wiretap), it takes a special
> box that we force all the traffic to go through so we can copy the packets
> to the LEA.
>
> WiFi and your neighbor's cable modem excepted, of course.
>
> Brian
>
>Many switches support the ability to replicate all the traffic to
>another port, see for example "port mirroring" for HP, Cisco, Foundry
>Networks, ... switches.
>
>Regards,
>G. Q. Maguire Jr.