Normally I don't post news about specific website issues however this was a great example of why you need
to protect your webserver from local networks threats as well as remote.
"Monday morning, Metasploit.com was temporarily hijacked using an
attack on the local area network of Metasploit's hosting provider.
Using what is technically known as ARP spoofing, the attacker was able
to intercept visitors to Metasploit.com, and instead serve them up a
page saying the site had been "hacked by sunwear ! just for fun. Users
were then redirected to a Chinese forum with an image of the hack.
The Metasploit server itself wasn't compromised, according to
Moore, who fairly quickly fixed the vulnerability by hard-coding the
right route for the packets.
But since some 250 other servers are hosted on the same local
area network at the service provider, they remain at risk, according to
Moore."
Article Link: http://blog.wired.com/27bstroke6/2008/06/hacker-hijacks.html
