
ARP Spoofing leads to hijacking of Metasploit website

Normally I don't post news about specific website issues; however, this was a great example of why you need to protect your webserver from local network threats as well as remote.

"Monday morning, Metasploit.com was temporarily hijacked using an attack on the local area network of Metasploit's hosting provider. Using what is technically known as ARP spoofing, the attacker was able to intercept visitors to Metasploit.com, and instead serve them up a page saying the site had been "hacked by sunwear ! just for fun." Users were then redirected to a Chinese forum with an image of the hack.

The Metasploit server itself wasn't compromised, according to Moore, who fairly quickly fixed the vulnerability by hard-coding the right route for the packets.

But since some 250 other servers are hosted on the same local area network at the service provider, they remain at risk, according to Moore."

Article Link: http://blog.wired.com/27bstroke6/2008/06/hacker-hijacks.html

