I don't believe that. Arp poisoning is not ugly. You can call MAC
flooding as ugly, but not ARP poisoning for sure.
ARP poisoning does nothing to the switch. Switches work at level 2 and
are only concerned about MAC addresses. They don't come to know that
MAC address of a certain IP address has changed.
ARP poisoning can confuse only the involved hosts. If gateway is one
of those hosts and someone attempting to ARP poison is a kid, then
certainly there can be some problems.
hth
~manu
On 6/16/05, Ulf Lamping <ulf.lamping@xxxxxx> wrote:
> Manu Garg wrote:
>
> >Many of us know that sniffing is possible in a shared i.e.
> >non-switched ethernet environment. But only few of us know that
> >sniffing is also possible in a switched ethernet environment. One of
> >the reasons is that it's not that straighforward. But it's not
> >impossible or difficult. You can use man in the middle technique like
> >ARP spoofing to sniff in a switched environment.
> >
> >
> >This presentation is an attempt to explain how can somebody sniff in a
> >switched ethernet using ARP spoofing. Dsniff has existed for long as a
> >tool for various sniffing activities. But recently, tools like
> >EttercapNG have made it easier.
> >
> >
> >Link to my original post and presentation -
> >http://manugarg.freezope.org/2005/06/sniffing-in-switched-network-many-of.html
> >
> >Presentation-
> >http://manugarg.freezope.org/notes/arp_spoofing
> >
> >Please let me know your views on it.
> >
> >
> Yes it is possible, but it is really ugly for it's various side effects.
>
> Have a look at the information on this topic so far at:
> http://wiki.ethereal.com/CaptureSetup_2fEthernet
>
> As the wiki page says:
>
> *Please do not try this on any LAN other than your own.*
>
> Regards, ULFL
>
--
Manu Garg
http://manugarg.freezope.org
"Truth will set you free!"
