Home > Uncategorized > Bejtlich’s Guiness World Record @ Blackhat…Largest (Attempted) Ettercap MITM Attack

Bejtlich’s Guiness World Record @ Blackhat…Largest (Attempted) Ettercap MITM Attack

Bejtlich_2So after finally making it to Vegas ( after 3 flight cancellations out of Logan) I got into my hotel room @ Caesar’s last night at around 2am in preparation for the week’s festivities at Blackhat and DEFCON.

This morning started out with Day Zero of Richard Bejtlich’s ("bate-lik" as he’s kind to remind you) TCP/IP Weapons School: Black Hat Edition.

What’s both sad and good about these classes is the reminder that the new attack vectors always seem to root back to old-school protocol tampering and the manipulation and application of attacks and exploits of vulnerabilities that still haven’t been mitigated.

The first half of the day has focused on good ol’ Layer-2 attacks; smashing the switch and the hosts attached for fun and…this works up the stack to more progressively evil layered attacks and abuse of all things holy.

Some folks might yawn at this approach, but Rich’s philosophy of starting with at the bottom and working up the stack reminds us of just how delicate the networks we take for granted still are.  There are many folks in this class that know a hell of a lot about attack/defend that still take some time answering questions as we go through the Wireshark protocol decodes.  It’s good mental gymnastics.  I’m way out of practice in some of this stuff.

To the topic of the blog entry at hand, we have about 60 guys and gals in this class and Rich organized a "lab" exercise that had 10 sets of "triplets" (sender, MITM attacker, recipient) participating in MITM attacks using Ettercap.

While I’m sure we’ve set no actual records (or perhaps we have!) it was fun to see how many people would disable the firewall rules on their laptops and subject themselves to intercept abuse ;)  The Hoff, however, remains entirely too paranoid to attach his machine to anything resembling a network here — despite the fact that it’s a bulletproof Mac ;)

It’s sad that Rich won’t be teaching this class anytime soon given his new job @ GE, because he’s a great instructor and his courses give a good balance of refresher, practical application of toolsets and in-depth protocol analysis all in one concise tidy package.

Thanks, Mr. B.

/Hoff

Img00020

Categories: Uncategorized Tags:
  1. March 5th, 2009 at 22:14 | #1

    I found another method at blackhat, sort of like this.
    http://www.thedomz.com/index.php/2008/11/28/prsto

  1. No trackbacks yet.