Author Topic: Poisoned arp-attack, easy and growing attack vector.....  (Read 4691 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Poisoned arp-attack, easy and growing attack vector.....
« on: November 05, 2007, 06:53:41 PM »
Hi malware fighters,

Dns-atacks and malware via poisoned arp-attack are a growing threat.
Read: http://www.cisrt.org/enblog/read.php?189

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Lusher

  • Guest
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #1 on: November 08, 2007, 01:17:17 PM »
I have defenses against this.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #2 on: November 08, 2007, 04:02:12 PM »
I have defenses against this.
This is actually a very empty statement since you're not listing those defenses. IMHO  :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Lusher

  • Guest
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #3 on: November 08, 2007, 04:54:28 PM »
I have defenses against this.
This is actually a very empty statement since you're not listing those defenses. IMHO  :)

I've written a couple of thousand of words on this elsewhere so excuse me if i'm a bit tired of writing it down again.

But i'm more curious about what the rest of you do specifically against this...

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #4 on: November 08, 2007, 05:36:47 PM »
Quote
I've written a couple of thousand of words on this elsewhere so excuse me if i'm a bit tired of writing it down again.
Repeating it here isn't necessary but a link to the original post you made would be helpful.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33892
  • malware fighter
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #5 on: November 09, 2007, 12:47:53 AM »
Hi bob3160,

There are programs also for Windows to detect this. Another elegant method could be this.
The final conclusion is that the best way to find injected code was to compare a suspicious document with a known-good document.  Of course, the problem is finding a known-good doc to compare to but, with a bit of thought, you could come up with an additional insight -- an attacker couldn't inject a payload into a doc downloaded over SSL.  So, I think the following would work nicely:

    * wget http://www.microsoft.com/default.aspx (possibly not the _best_ test page, but it'll do for our example)
    * wget https://www.microsoft.com/default.aspx
    * Diff the two documents and look for obviously injected code. 

Unfortunately, the two copies of default.aspx, in this example, will have minor differences but nothing so obvious as an <iframe> pointing somewhere else.

polonus


Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Lusher

  • Guest
Re: Poisoned arp-attack, easy and growing attack vector.....
« Reply #6 on: November 09, 2007, 02:44:21 PM »
Hi bob3160,

There are programs also for Windows to detect this. 
 

And you don't tell us what these are??

Watch out, Bob3160 is coming to bite your head off for teasing us... :D

PS For the record i was referring to these programs...