This article shows how easy a hacker could use ARP SPOOFING to get your network information and what you are doing….and how:

ARP (Address Resolution Protocol) can be ran on your network by attackers to make their systems appear to be on your network. When the MAC (media access control) address mapping – ARP tables are hijacked and being changed, the information between your computers in your network can be hijacked as well because they thought your machine was trusted. It’s called a Man-in-the-middle (MITM) attack.

Spoofed ARP replies can be sent to a switch very quickly, which can crash an Ethernet swithc or (hopefully) make it revert to broadcast mode, which is a hub. then an attacker can sniff every packet going through the switch without bothering with ARP spoofing.

Cain and Abel (www.oxid.it/cain.html) – Free, analysis, ARP poisoning, VOIP capture/replay, password cracking, and more.

(more…)

Wildpackets EtherPeek (www.wildpackets.com/products/etherpeek/overview)

TamoSoft’s CommView (www.tamos.com/products/commview) and Sunbelt Software’s LanHound ( www.sunbelt-software.com/lanhound.cfm).

Cain and Abel (www.oxid.it/cain.html) – Free, analysis, ARP poisoning, VOIP capture/replay, password cracking, and more.

Ethereal (www.ethereal.com) – free.available on Windows and UNIX. Very good considering it’s free. (or go to http://www.download.com/3120-20_4-0.html?tg=dl-20&qt=ethereal&tag=srch)
ettercap (ettercap.sourceforge.net) – available on Windows and UNIX

FIREWALL RULES

1. Netcat:(http://www.vulnwatch.org/netcat/)

example: to check if the firewall allows port 23 (telnet)

nc -l -p 23 cmd.exe

nc -v ip_address 23

2. Traffic IQ Pro by Karalon (www.karalon.com)

- With 2 NIC card between internal segment and the DMZ zone. By Generate generic and /or malicious traffic see if the firewall is doing what it syas it’s doing.

3. Firewalk (packetfactory.net/firewalk) for the UNIX platform.

COUNTERMEASURES against FIREWALL attacks:

1. limit traffic to what’s needed

2. Block ICMP to help prevent abuse from some automated tools, such as firewalk.

3. Enable stateful packet inspection on the firewall, if you can. It can block unsolicited requests.

• 
  List of TCP and UDP port numbers

Q:How to setup LAN/NETWORK Connection if I run BackTrack2 on a CD with VMWARE?

A: If you want the easiest way to fix it, change the network setting to bridged connection before boot. But this option won’t give you a seperate IP.

For the advanced solution, use NAT connection in the setting before boot. Use ifconfig -a or netstat -a to see if the ethernet card is registered. If it is, then you could use dhcpcd eth0, depending on wich network card, you use ;If you don’t know, start at 0,1,2 and so on.) Or do it manually:

ifconfig eth0 192.168.1.34/24
(Give this command twice if it tells you it can’t set an IP address)
route add default gw 192.168.1.254
echo nameserver 192.168.1.1 > /etc/resolv.conf

Where 192.168.1.34 is the IP address you want, 192.168.1.254 is the default gateway and 192.168.1.1 is your dns server

or

ifconfig ath0 down
ifconfig ath0 hw ether [new MAC adress]
ifconfig ath0 up

Our weblog is Free 1and1 Weblog provided by 1 and 1 Hosting (1and1.com):

Best Linux on CD : Best Security Live CD Distros (Pen-Test, Forensics & Recovery)

I recommend these 3 because BackTrack and Debian are very useful and Knoppix is just very easy to use.

1. BackTrack (http://www.sinoclip.com/blog/2007/02/03/learning-about-computer-security/)
2. Operator v3.3.20
• Operator is a very fully featured LiveCD totally oriented around network security (with open source tools of course).Operator is a complete Linux (Debian) distribution that runs from a single bootable CD and runs entirely in RAM. The Operator contains an extensive set of Open Source network security tools that can be used for monitoring and discovering networks. This virtually can turn any PC into a network security pen-testing device without having to install any software. Operator also contains a set of computer forensic and data recovery tools that can be used to assist you in data retrieval on the local system.
3. Knoppix 5.1.1 (http://www.knoppix.org/ )

I think having these three Linux is good enough for us. If you plan to know more. Click here.