http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspxI recently worked on an interesting incident response with several of my colleagues. The problem, as defined by the customer, is that the following code is being injected into some websites (both external and internal to his environment) that his usersen-USCommunityServer 2.1 SP1 (Build: 61025.2)http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#1391971Fri, 29 Jun 2007 07:15:32 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1391971Robert Hensing's Blog<p>So we all know ARP poisoning / spoofing is really easy to do and it's not a new concept at all . . .</p> http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#1447049Thu, 05 Jul 2007 21:51:40 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1447049TrackBackhttp://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#1449173Fri, 06 Jul 2007 00:20:58 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1449173Neil Carpenter's Blog<p>After investigating an ARP spoofing incident recently, I started thinking of how we could easily ferret</p> http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#1458153Fri, 06 Jul 2007 18:31:56 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1458153TrackBackhttp://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#1623238Fri, 27 Jul 2007 03:12:44 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:1623238褚诚云<p>ARP缓存污染（cache poison）加上IFrame 嵌入（Injection）的攻击，最近开始较多的被病毒程序使用</p> http://blogs.technet.com/neilcar/archive/2007/06/28/arp-cache-poisoning-incident.aspx#2652770Mon, 17 Dec 2007 05:40:30 GMTd5e57398-b9ef-4490-9955-07cbb4e4a80d:2652770csdnexpert<p>最近收到了一位IT行业朋友的来信，说他遇到了这么一个现象，百思不得其解。</p>