Latest comments

In response to: Network Traffic Interception

Alecc Carlo Bertulfo [Visitor] · http://www.yagamiwebsite.blogspot.com
This is so cool... I'm very interested in this topic.... I'm so impressed with the Network Traffic Interception....
Permalink 02/04/10 @ 02:35

In response to: Internet Speed Optimization

kghj [Visitor]
If you wanna optimize your internet performance, I suggest downloading dsl speed; it can boost your internet connection, thereby speeding up your computer.
Permalink 01/18/10 @ 20:46

In response to: My Top 10 Network Security Tools

Malakai [Visitor] · http://www.rapidsharemix.com
I think you do a great job. Thanks
Permalink 12/24/09 @ 07:42

In response to: DNSWall – A Protection Mechanism against DNS Rebinding Attacks

john brightman [Visitor] · http://www.whoismark.com
Hi,
looks very interesting!
Bookmarked your blog.
john brightman
Permalink 05/25/09 @ 11:35

In response to: My Top 10 Network Security Tools

sarah willson [Visitor] · http://www.whoismark.com
Hi, thanks for the security information! Great article!
Permalink 05/22/09 @ 16:16

In response to: Windows Vista and Proxy-ARP Requests

sexysex [Visitor]
I want a program to penetrate the proxy for Windows Vista
Permalink 04/26/09 @ 09:59

In response to: Network Traffic Interception

Ruth [Visitor] · http://laptopmessengerbag.info
I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.

Ruth

http://laptopmessengerbag.info
Permalink 03/27/09 @ 21:42

In response to: Network Traffic Interception

cool [Visitor]
cool
Permalink 03/23/09 @ 09:28

In response to: EXTENDED DHCP Exhausting Attack

huku [Visitor] · http://www.grhack.net
Hello there,

I wonder why anyone would like to perform the DHCP exhausting attack while having access to the LAN of the target network. There's a feature of the DHCP protocol which allows for deceiving all the hosts in the subnet. Let's have a look at the relevant RFC :-)

--- snip rfc2131 ---
The server MAY choose to return the 'vendor class identifier' used to determine the parameters in the DHCPOFFER message to assist the client in selecting which DHCPOFFER to accept.
--- snip rfc2131 ---

And...

--- snip rfc2131 ---
Unauthorized DHCP servers may be easily set up. Such servers can then send false and potentially disruptive information to clients such as incorrect or duplicate IP addresses, incorrect routing information (including spoof routers, etc.), incorrect domain nameserver addresses (such as spoof nameservers), and so on. Clearly, once this seed information is in place, an attacker can further compromise affected systems.
--- snip rfc2131 ---

So, it's quite obvious. Just send fake DHCP replies to all the hosts in the subnet and force them to think that you are the gateway and the DNS server for the LAN. From there on, you can perform other attacks (e.g. DNS spoofing, SSL MiM, etc.).

There's only one problem left. How can one force the client to choose _their_ DHCP offer instead of the legitimate one? Well... It's just a matter of providing fake options. The client will pick up the answer that satisfies all of the requested options (and that's the reason that various DHCP servers can be used for various client classes in the same LAN).

Anyway, good work :-). I'd just like to point out that your extended DHCP attack will not work on properly configured gateways. Usually, sane administrators choose to drop any packet with a source IP address that doesn't match the netmask of the incoming interface and packets that have source IP equal to the gateway's (just have a look at the BSD pf antispoof rules).

Cheers
./hk
Permalink 12/13/08 @ 08:27
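
An added example, not part of the comment above or of the blog's own code: a monitoring-side check for the unauthorized DHCP servers that the quoted RFC 2131 passage warns about. It parses DHCPOFFER/DHCPACK payloads and reports a server identifier, router or DNS server that is outside a site policy. The policy values (documentation addresses), the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie at offset 236 (RFC 2131)
OFFER, ACK = 2, 5             # option 53 values a server sends

def _ips(raw):
    """Split an option value into dotted-quad IPv4 strings."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]

def parse_reply(pkt):
    """Parse a DHCP message (the UDP payload) into the fields audited below."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:      # 255 = end option
        if pkt[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        opts[pkt[i]] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    mtype = opts.get(53) or b"\x00"
    return {"op": pkt[0], "type": mtype[0], "server": _ips(opts.get(54, b"")),
            "routers": _ips(opts.get(3, b"")), "dns": _ips(opts.get(6, b""))}

def audit(pkt, policy):
    """Return findings for one OFFER/ACK; an empty list means it matches policy."""
    r = parse_reply(pkt)
    if r["op"] != 2 or r["type"] not in (OFFER, ACK):
        return []
    findings = []
    # The server identifier can be forged, so routers and DNS are checked too.
    for field in ("server", "routers", "dns"):
        bad = [ip for ip in r[field] if ip not in policy[field]]
        if bad or (field == "server" and not r[field]):
            findings.append("%s outside policy: %s" % (field, bad or "missing"))
    return findings

def build_reply(mtype, server, router, dns):
    """Constructed sample: minimal BOOTREPLY with options 53, 54, 3 and 6."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    return (bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, mtype])
            + bytes([54, 4]) + ip(server) + bytes([3, 4]) + ip(router)
            + bytes([6, 4]) + ip(dns) + b"\xff")

# Assumed site policy (documentation addresses, not taken from the page)
POLICY = {"server": {"192.0.2.1"}, "routers": {"192.0.2.1"}, "dns": {"192.0.2.53"}}
```

A reply that copies the legitimate server identifier but advertises a different router is still reported, because each field is checked independently.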

In response to: Giant-Reverse: The Next Gen. Reverse Shell

RocknRoll [Visitor] · http://techstud.org
Nice Info about reverse shell execution...
with neat English ...

Keep it up buddy...
Permalink 12/10/08 @ 18:43

In response to: My Top 10 Network Security Tools

funkinessflavor [Visitor]
90% agree (scapy is missing!)
Permalink 12/03/08 @ 09:33
This is the Blog of Securebits Think-Tank. It is maintained by AR Samhuri. The blog is about topics like Network Security, Penetration Testing, TCP/IP Attacks, Security R&D, Security Tools, etc.