Ethical Hacker Community Forums
Topic: Cain reveals itself? (Read 1842 times)
inetbogey
« on: April 18, 2008, 01:01:49 PM »

Yesterday I was running Cain on my Windows 2000 Pro laptop.
I was using the sniffer and watching 4 other machines.
While I was watching the traffic to and from a proxy server, one of the PCs I was watching gave an error msg about a duplicate IP address and pulled itself from the LAN (a Windows XP Pro SP2 machine).
I use static IP addresses and have DHCP disabled. I shut down the box, and was not able to find the same IP up on the LAN.
Do you think that it found the Cain software? (man in the middle)
Can the Cain software be spotted??
Thanks.
inetbogey.

pseud0
« Reply #1 on: April 18, 2008, 02:29:40 PM »

I don't want to lead you in the wrong direction, so I need you to clarify your situation a bit. To be clear, are you using Cain's man-in-the-middle capabilities to sniff traffic on a switched network, or are you just sniffing a non-switched network? If you are just plain sniffing then there shouldn't be any reason that another system could see you. Those packets are going to every system on the wire. If you are sniffing on a switched network then there is a chance that someone could pick you out. In fact, some IDS systems do this automagically. If the ARP table is examined it would reveal that more than one IP address is related to the same MAC address, which will start raising flags. From the aspect of a Windows system, it will check the local ARP tables after certain events, and as part of that check it looks for IP conflicts. It wouldn't know that you stole the IP for malicious reasons, it would just know that someone else is claiming rights to the IP.

CISSP, CISM
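
The ARP-table check described in the reply above (more than one IP address related to the same MAC address), as an added example that is not part of the original thread. The sample `arp -a` output is constructed, and the parser goes slightly beyond the Windows case by also accepting the Linux/BSD `arp -a` line format.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not taken from the thread's LAN).
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.20          00-aa-bb-cc-dd-ee     dynamic
  192.168.1.30          00-AA-BB-CC-DD-EE     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# An IPv4 address followed by a 6-octet MAC. Covers the Windows layout
# ("ip   aa-bb-..") and the Linux/BSD layout ("? (ip) at aa:bb:..").
ENTRY = re.compile(
    r"\(?(\d{1,3}(?:\.\d{1,3}){3})\)?\s+(?:at\s+)?"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})"
)

def parse_arp_table(text):
    """Return {mac: set(ip)} parsed from `arp -a` output."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # headers, blank lines, incomplete entries
        ip, mac = m.group(1), m.group(2).lower().replace("-", ":")
        # Skip broadcast and multicast MACs (low bit of the first octet set):
        # many IPs map to them legitimately.
        if int(mac[:2], 16) & 1:
            continue
        table[mac].add(ip)
    return table

def find_shared_macs(text):
    """Return {mac: [ips]} for every MAC that answers for more than one IP."""
    return {mac: sorted(ips)
            for mac, ips in parse_arp_table(text).items() if len(ips) > 1}

if __name__ == "__main__":
    for mac, ips in find_shared_macs(SAMPLE_ARP_OUTPUT).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
```

A router doing proxy ARP or a host with several addresses on one interface will also show up here, so a hit is a lead to verify rather than proof of a man-in-the-middle.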
inetbogey
« Reply #2 on: April 18, 2008, 03:31:35 PM »

OK, this is the 3rd time I am trying to respond to this thread.
The way things are going right now I think the biggest problem is ME.
My LAN is wired to a switch. The proxy server is wired to the switch.
I have checked the traffic on the LAN before without any problems.
This is the first time I looked at traffic from this XP box.
So how did the XP box know???