Network APR Problem

Data that travels over the air and how to protect (or decipher) it

Network APR Problem

Post by a_c_i_d_b_u_r_n on Fri May 30, 2008 6:03 pm
([msg=3773]see Network APR Problem[/msg])

Recently I've been playing with APR using Cain but have only experienced minor success.
I have a list of IPs and MAC addresses on the network and I have identified the default gateway so that I can set up the appropriate poisoning.

However the packets that get sniffed all seem to be on connections within my own subnet... hence I can pick up connections to webmail etc. that run within my subnet but not connections to the global internet.

Any ideas how to sniff connections to the global internet rather than just connections within my subnet? Is this a security measure that has been taken and is beyond my control?

Thanks.
a_c_i_d_b_u_r_n
New User
New User
 
Posts: 2
Joined: Fri May 30, 2008 5:57 pm
Blog: View Blog (0)


Re: Network APR Problem

Post by 193zaitsev on Fri May 30, 2008 7:09 pm
([msg=3776]see Re: Network APR Problem[/msg])

ARP resolves MAC - IP translations on the system's local network, not the entire internet.
193zaitsev
New User
New User
 
Posts: 36
Joined: Wed May 21, 2008 10:28 pm
Location: USA
Blog: View Blog (0)


Re: Network APR Problem

Post by a_c_i_d_b_u_r_n on Sat May 31, 2008 6:08 am
([msg=3807]see Re: Network APR Problem[/msg])

193zaitsev wrote:ARP resolves MAC - IP translations on the system's local network, not the entire internet.

Thanks for that, I sort of knew what was going on but couldn't work it out completely.

The problem I have now is that I only get half-routing on the connection that I need to full-route. I read up on this and think it's a security measure called DHCP Snooping. I tried spoofing MAC and IP addresses to no avail. Any ideas how to get full-routing past DHCP Snooping?
a_c_i_d_b_u_r_n
New User
New User
 
Posts: 2
Joined: Fri May 30, 2008 5:57 pm
Blog: View Blog (0)


Re: Network APR Problem

Post by int3grate on Tue Jun 03, 2008 3:58 pm
([msg=3954]see Re: Network APR Problem[/msg])

The problem I have now is that I only get half-routing on the connection that I need to full-route. I read up on this and think it's a security measure called DHCP Snooping. I tried spoofing MAC and IP addresses to no avail. Any ideas how to get full-routing past DHCP Snooping?


You must either A, have some really nice networking equipment. Or B, be on a business/industry/education network that has nice networking equipment. "DHCP snooping" is a mechanism on the networking equipment that keeps a table of IPs given out through DHCP mapped to their respective MAC addresses. If someone sends an invalid ARP reply or broadcast out, the networking equipment recognizes it and drops the packets because because the IP address and MAC address doesn't match up to what's stored in the table.

The only networking equipment I've seen that supports this is higher end cisco catalyst switches. There might be more, but I don't have any experience with them. The answer to your question is no. You can't bypass or get around DHCP snooping. Furthermore, you shouldn't be performing these types of attacks on production networks, or any network that you do not own and control.

Int3grate
int3grate
New User
New User
 
Posts: 38
Joined: Tue May 27, 2008 7:54 pm
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests