Well, if anyone else is familiar with network security and Ettercat, feel free to chime in
I had a network security class earlier (actually yesterday now) evening. Anyhow, lets say the class has been having a little fun using this
On Monday, and then again today someone did some ARP poisoning I gather, which crashed the network. Tuesday morning, the first class, well, they probably had to bring it up again
Anyhow, not everyone in the class had their hard drives, so they were ghosting the image over, so everyone could do today's assignment.
While waiting, the class was having fun hacking each other... One person for instance got my IP and used my box as a relay for their own attack, which I caught onto, and added their IP to my
file... After which, I loaded up port sentry, and then turned around, and started fingering their box and stuff in return, and then gave them a DoS attack (the same one that grabbed my IP) from, well I directed it from a "fake host" which was the broadcast address (lest they then try to black list that), upon the attacking host
Some people in the back row, were doing it to each other too... Oh, and don't worry, this is a private, non-routable address space (wrt the Internet), and things are pretty well isolated so, well most things wouldn't propogate beyond the room. It's there for peeps to learn networking, which in our case is learn network security...
About this ARP poisioning though. I notice in the Ettercat interface there is an "un-poisoning" option. Which makes me wonder. Could a person set up one box, so that after someone else (a different computer, either that really is on the network, or is posing as if it should be) poison's the ARP tables in the switch, from this one box one could "un-poison" their own network without having to go back and physically reset the switch?
Of course re-setting the switch can work in a class room (where the equipment is right there), but I could imagine in a corporate network, where different segments of the network can be located where-ever, it could be a bit of a pain...especially where the switch is physically somewhere else...
Perhaps I could get someone to crash the network again (as someone in our class seems to take great delight in
) and then try to re-fix it without rebooting the switch and all, but I'm wondering if it's even possible or worth the time to try?