So…. what is arp spoofing (poisoning)…. and what are it’s implications? ARP spoofing involves tricking a machine into thinking that you’re machine is, yet another. Let’s put this in IP address terms. Let’s say that 192.168.0.1 is the default gatway on the network and 192.168.0.150 is our target. We are given another network address – say 192.168.0.250…. Arp spoofing would tell 192.168.0.150 that OUR network adapter is the place to send information destined for 192.168.0.1, (and we could also tell 192.168.0.1 that WE are the rightful recipient of data sent to 192.168.0.150). These is done by offering up our MAC address as the legitimate desitination to each machine through a crafted ARP response.
Tag: internet
-
Google explains Google China Decision
The Official Googleblog has an article today about their decision to filter results in China. I took a look at the Chinese version today (I saw an image search comparing Tienamen (spelling?) results in English and Chinese. I also searched for my site and found that I seem to be absent from the Chinese search results. Now you might say the latter is not surprising for a number of reasons, but I’ve found other English language sites showing up in the Google.cn results…. I guess information about computer security is too risky for the Chinese People to find. !!Correction-8:30PM EST!! I had earlier seen Sunbelt mention guiness.com missing from the results and they just noted that was in the results now. Likewise, my site was missing and now is present in the Google.cn results… !!End Correction!!
-
Your own wikipedia….
I’ve made quite a bit of use out of the wikipedia in recent years. I know it has it’s flaws (I’ve run across some first hand), but I’ve found typos in textbooks as well. However that doesn’t mean that it can’t be a very useful reference. In fact, in some of my browsing I’ve gone through the spanish language version of the wikipedia putting some of my spanish reading skills to the test. Anyway, in the last couple days I became curious for various reasons about actually downloading a copy and installing the wikipedia locally. Now, I know one of the benefits of the wikipedia is that it’s collaborative and this way I’ll miss out on current and changing/improving/updating articles. But I can see some reasons to want to have a “snapshot”.
-
Google Talk federation….
When Google Talk first came out, many people were excited that they were using the protocol that jabber is built on. There were also disappointments that ALL of the protocol hadn’t been implemented. In fact, the biggest disappointment many had was that a jabber.org instant messenger user could not IM with a gmail.com user. That has all changed…. Google Talk now does “open federation” which basically means IM requests can be passed along from one server to another until it get’s to the server that the IM user is registered with.
-
Urgent AOL update
This sounds like a serious vulnerability. The SecurityFix is reporting on a very serious vulnerability in AOL.
The problem affects AOL version 8.0, AOL version 8.0+, and AOL version 9.0 Classic.
The vulnerability could allow a remote attacker to take control of a users PC. Basically, all that would be needed is for the AOL user to visit a specially crafted web page.
-
Hacking with Google (and without Google.)
I found a couple of interesting presentations on network security related topics. Primarily these are about using the internet and search engines for gathering information on specific “targets”. Their very interesting from a “self analysis” point of view as well.
-
Google rumors galore….
There are all sorts of rumors circulating about Google’s product announcements tomorrow at CES. There are still stories floating around about a Google PC running linux and there are stories about pay-download videos and a software bundle. No official word on these from Google. (They had denials about PC talks from some of the retailers that were supposedly approached.) The Google Cube is listed as the codename for the Google PC according to one article.
-
What is a Ping?
The word “ping” is used in computer networking. It’s usually used to test and see if a machine is able to be “reached” or “talked to” over a network. The terminology reminds me of the concept of radar systems. I have a tendency to think of it as “bouncing a test” off the other machine. Most every operating system that has networking support can ping, or should be able to answer a ping request. Many times it’s used as a basic test of the ability to access the internet.
-
Windows Desktop Search
I got a first look at Windows Desktop Search today (bundled with MSN Search Toolbar?) I was told that it was new on the system and had not been used. The systems owner didn’t know when it was installed and thought it must have been installed when he did a windows update. It looks like the MSN search toolbar adds tabbed browsing to internet explorer. I’m a bit suspicious of ANY software that the system owner is unsure of how it got to be installed on the system.
-
Common Networking Ports
Along the lines of “knowing your network” with the network security guide. Here are some of the most commonly used network ports. There are 65535 ports that can listen for a connection, so this is not a thorough listing. (These are tcp unless noted otherwise.)