Slashdot Mirror

← Back to Stories (view on slashdot.org)

Unhealthy Sniffing

Posted by timothy on from the price-of-slurping dept.

Simon Doring writes "Stefan Esser did it again. Yesterday he reported 13 remote root vulnerabilities in Ethereal. Time to teach all those sniffing kiddies an unhealthy lesson. The next LAN party will be a lot of fun."

4 of 49 comments (clear)

  1. other uses than spying. by gl4ss · · Score: 4, Informative

    network sniffers are useful for other things as well.

    just this spring had to use ethereal on one networking course to follow ethernet packets, which computer was asking what from who, how the router affected the packets and how a hub is different from a switch(all and all quite basic stuff but still it was quite useful for gaining insight to the different protocols in real world like situation)..

    how about the windows port?

    --
    world was created 5 seconds before this post as it is.
    1. Re:other uses than spying. by silvercloak · · Score: 5, Informative

      The article makes this clear: Ethereal is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product.

  2. Re:passive scanner by DES · · Score: 5, Informative

    The right way to do passive scanning is with an ethernet cable that has the tx leads removed.

    Can't do that with UTP. The link pulse travels over the same wire, so the hub or switch will deactivate the port and you won't see any traffic at all. What you can do is cut the TX pin on the AUI connector when using an external tranceiver, but nobody uses those any more.

    In BSD derivatives, you can up an interface without giving it an address, attach to it with bpf and set it in promiscuous mode. You'll see all the traffic on the wire, but none of it will go into the network stack and no outgoing traffic will be generated unless you do it yourself.

    (I write network analysis software for a living)

  3. Re:Did they give the maintainers a heads up? by Grotus · · Score: 4, Informative
    From the article:
    Disclosure Timeline

    5 March 2004 Ethereal developers were contacted by email telling them about 10(of the 13) holes. 6 holes were closed the same day EIGRP, IGAP, ISUP and BGP.
    7 March 2004 IRDA hole closed (after checking specs)
    8 March 2004 PGM hole closed (after checking specs)
    9 March 2004 NetFlow hole closed (after checking specs)
    17 March 2004 UCP holes were discovered and mailed to vendor
    19 March 2004 UCP and TCAP holes closed (after checking specs)
    22 March 2004 Ethereal developers have releases a mini advisory urging their users to upgrade to version 0.10.3 which will be released later this week
    23 March 2004 Public Disclosure


    So, yes, they did let them know, and the holes have already been fixed.
    --
    "From my cold, dead hands you damn, dirty apes!" - CH