RE: [suse-security] Attacks Against SSH 1 And SSL
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile it. First I had to install libnet which worked. Now I would need libnids. I found a version on the web, but it does not compile. gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAV E_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATE S=1 -DHAVE_BSD_UDPHDR=1 -I. libnids.c libnids.c:28: conflicting types for `pcap_open_live_new' /usr/include/pcap.h:119: previous declaration of `pcap_open_live_new' It's already weired, that it passes the -D_BSD_SOURCE. Do I have to change anything there, or do I have to compile dsniff with a special option? Thanks Raffy
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile it.
Yes, it's works perfectly in my SuSE 6.4.
First I had to install libnet which worked. Now I would need libnids. I found a version on the web, but it does not compile.
gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAV E_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATE S=1 -DHAVE_BSD_UDPHDR=1 -I. libnids.c libnids.c:28: conflicting types for `pcap_open_live_new' /usr/include/pcap.h:119: previous declaration of `pcap_open_live_new'
It's already weired, that it passes the -D_BSD_SOURCE. Do I have to change anything there, or do I have to compile dsniff with a special option?
Well I download libnet, libnids and OpenSSL from Internet, And I only do: ./configure; make make install. Do you download the latest version of libnids . I don't remember from where I download it, I'm sorry. But It's works ok. Luck. Carlos Cortes. SPAIN.
Thanks
Raffy
On Tue, 19 Dec 2000 10:49:23 +0100, you wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile
I tried dsniff some time ago. It compiled perfectly, appropiate libs included. But I noted that it doesn't work very well. 1) I telneted to another machine (in the same lan-segment as mine) and dsniff didn't catch anything. I telneted to my own machine (the one running dsniff) and then it caught well. Why? Please note that other sniffers like Sniffer Pro (on WinNT, same machine [dual boot]) works perfectly: they catch ALL traffic, include the one to other local machines. I mean, it's no problem of switching. 2) Repeating the former proccess, user/pass is not catch in all cases. It shows like a bit random behaviour. Comments? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi,
I successfully compiled dsniff 2.3, the BSD-db 3.1.17, libnids 1.13-1 and libnet
1.0.1b, as well as openssl 0.9.6 on a suse 7.0 installation with kernel 2.2.16.
Build problems with suse 6.4 may be caused by an outdated libnet installation.
Consult the dsniff faq www.monkey.org/~dugsong/dsniff/faq.html for further
information.
First I had similar troubles getting dsniff into action - it did not catch
anything. Then I forced dsniff in "magic" mode and used eth0 explicitly. The
command line reads: dsniff -m -i eth0 . Afterwards the packets started to roll
in, even from hosts other than the dsniff machine in the same subnet (I tried
it with ftp, telnet, pcanywhere and pop3).
Boris
On Tue, 19 Dec 2000 10:49:23 +0100, you wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile
I tried dsniff some time ago. It compiled perfectly, appropiate libs included. But I noted that it doesn't work very well.
1) I telneted to another machine (in the same lan-segment as mine) and dsniff didn't catch anything. I telneted to my own machine (the one running dsniff) and then it caught well. Why? Please note that other sniffers like Sniffer Pro (on WinNT, same machine [dual boot]) works perfectly: they catch ALL traffic, include the one to other local machines. I mean, it's no problem of switching. 2) Repeating the former proccess, user/pass is not catch in all cases. It shows like a bit random behaviour.
Comments? [...]
On Tue, 19 Dec 2000, RoMaN SoFt / LLFB!! wrote:
On Tue, 19 Dec 2000 10:49:23 +0100, you wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile
I tried dsniff some time ago. It compiled perfectly, appropiate libs included. But I noted that it doesn't work very well.
1) I telneted to another machine (in the same lan-segment as mine) and dsniff didn't catch anything. I telneted to my own machine (the one running dsniff) and then it caught well. Why? Please note that other sniffers like Sniffer Pro (on WinNT, same machine [dual boot]) works perfectly: they catch ALL traffic, include the one to other local machines. I mean, it's no problem of switching. 2) Repeating the former proccess, user/pass is not catch in all cases. It shows like a bit random behaviour.
Comments?
I tried the arpredirect feature as soon as I heard about it. Scared the shit out of me really (thanks Dug ;-)). I found that as long as I was just using dsniff (I think it was 2.1 then), I sniffed everything going in and out of my box without a problem. However, when I used arpredirect to redirect traffic through my machine, dsniff wouldn't pick it up (maybe because it wasn't directed at my ip anymore but just passing trough? Haven't exactly checked the code for a why). So I used a combination of arpredirect and sniffit, and nicely saw everything going on in the testlab. Oh, and it compiles nicely on both 6.4 and 7.0 Stefan
On Tue, 19 Dec 2000, RoMaN SoFt / LLFB!! wrote:
On Tue, 19 Dec 2000 10:49:23 +0100, you wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile
I tried dsniff some time ago. It compiled perfectly, appropiate libs included. But I noted that it doesn't work very well.
1) I telneted to another machine (in the same lan-segment as mine) and dsniff didn't catch anything. I telneted to my own machine (the one running dsniff) and then it caught well. Why? Please note that other sniffers like Sniffer Pro (on WinNT, same machine [dual boot]) works perfectly: they catch ALL traffic, include the one to other local machines. I mean, it's no problem of switching. 2) Repeating the former proccess, user/pass is not catch in all cases. It shows like a bit random behaviour.
Comments? Depends on your network. If you use switches then dsniff cant sniff so easily. To use dnsiff there you must invoke some other tools which are delivered with it. Normal sniffers only work in hub-ed environment.
Sebastian
I had trouble with 7.0 until I went to... http://rpmfind.net/linux/rpm2html/search.php?query=libnids RPM is always easier ;) Later, L Raffy wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile it. First I had to install libnet which worked. Now I would need libnids. I found a version on the web, but it does not compile.
gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAV E_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATE S=1 -DHAVE_BSD_UDPHDR=1 -I. libnids.c libnids.c:28: conflicting types for `pcap_open_live_new' /usr/include/pcap.h:119: previous declaration of `pcap_open_live_new'
It's already weired, that it passes the -D_BSD_SOURCE. Do I have to change anything there, or do I have to compile dsniff with a special option?
Thanks
Raffy
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- POWERED BY ---------- / / (_)__ __ ____ __ --------- ------- / /__/ / _ \/ // /\ \/ / -------- ---- /____/_/_//_/\_,_/ /_/\_\ ------ ____________________________________________________________________ Gambit Technologies (Pty) Ltd E-MAIL : lynton@gambit.co.za WEB : http://www.gambit.co.za TEL : +27 11 804-6547 FAX : +27 11 804-6548 ____________________________________________________________________ The recipient acknowledges that Gambit Technologies (Pty) Ltd is unable to exercise control over the content of information contained in transmissions made via the Internet. Gambit Technologies (Pty) Ltd hereby excludes any warranty as to the quality or accuracy of any information contained in this message and any liability of any kind for the information contained in it, or for its transmission, reception, storage or use in any way whatsoever. ____________________________________________________________________
Hello,
gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAV E_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_ STATE S=1 -DHAVE_BSD_UDPHDR=1 -I. libnids.c libnids.c:28: conflicting types for `pcap_open_live_new' /usr/include/pcap.h:119: previous declaration of `pcap_open_live_new'
It's already weired, that it passes the -D_BSD_SOURCE. Do I have to change anything there, or do I have to compile dsniff with a special option?
If you have installed libnetn (Series d), the gcc shows "libnids.c:28: conflicting types for `pcap_open_live_new'" (This should be an entry in pcap.h) So, first remove libnetn and use libnet insteed. dsniff will compile without using "pcap_open_live_new". After installing correctly you can reinstall libnetn, if you want (used for snort...) This is only a workaround, but we've tested this kind of spoofing/sniffing a while ago, and found this way to test... Greetings, Oliver Grube Network Security Engineer ******************************************** iT_SEC - enabling trusted ebusiness ******************************************** iT_SEC Deutschland GmbH Dünner Strasse 247, 41066 Mönchengladbach T: +49 2161 6897-0 // F: +49 2161 6897-199
On Tue, 19 Dec 2000, Raffy wrote:
"SecurityPortal has a very interesting article by Kurt Seifried in which he writes "dsniff 2.3 allows you to exploit several fundamental flaws in two [snip]
Does anyone have dsniff 2.3 running on Suse 6.4? I just tried to compile it. First I had to install libnet which worked. Now I would need libnids. I found a version on the web, but it does not compile.
gcc -c -g -O2 -D_BSD_SOURCE -D_BSD_SOURCE -D__BSD_SOURCE -D__FAVOR_BSD -DHAV E_NET_ETHERNET_H -DLIBNET_LIL_ENDIAN -Wall -DHAVE_ICMPHDR=1 -DHAVE_TCP_STATE S=1 -DHAVE_BSD_UDPHDR=1 -I. libnids.c libnids.c:28: conflicting types for `pcap_open_live_new' /usr/include/pcap.h:119: previous declaration of `pcap_open_live_new'
Hi, ups, there the pcap clashes with libnids. We call one of our functions pcap_open_live_new for 2.2+ kernels. This function is static, though. Seems like redeclares this function ? For workaround commenting out the declaration of pcap_open_live_new() in pcap.h should work. bye, Sebastian
participants (8)
-
Boris Lorenz
-
Carlos
-
Lynton Clamp
-
Oliver Grube(@work)
-
Raffy
-
RoMaN SoFt / LLFB!!
-
Sebastian Krahmer
-
Stefan Suurmeijer