Serious Question--ARP SPOOF/IT Department 01-19-2014, 12:25 AM
#1
Hello everyone, I work in an IT department at a University. I get incredibly bored when running updates of labs or dbanning hdd, so i decided to use cain to ARP attack a network(We have multiple at the university) This one particular is where cyber defense/ everything having to do with technology is. So after about 20 minutes of ARP attacks I found in plain text about 10 professors emails, The president of the college's email, plaintext both user/pass + a bunch of students.....
Now I work there, I'm not in security but I am wondering what should I do? I'm on the verge of telling them i did the spoofing attack, So the university can fix this issue. I have been doing research on protecting against ARP atttacks and i'm not an ADMIN just a lowly peon. But If you had this data what would you do?
I am currently working on a power point that shows how the attack took place and then how The university could start protecting ourselves from it. It's ridiculus how much of the IT world knows nothing and I MEAN NOTHING ABOUT SECURITY............. CRAZY
Thanks for the read, please inform me any idea's or if you think imma get the university's cops called instantly.. THANKS AGAIN
Now I work there, I'm not in security but I am wondering what should I do? I'm on the verge of telling them i did the spoofing attack, So the university can fix this issue. I have been doing research on protecting against ARP atttacks and i'm not an ADMIN just a lowly peon. But If you had this data what would you do?
I am currently working on a power point that shows how the attack took place and then how The university could start protecting ourselves from it. It's ridiculus how much of the IT world knows nothing and I MEAN NOTHING ABOUT SECURITY............. CRAZY
Thanks for the read, please inform me any idea's or if you think imma get the university's cops called instantly.. THANKS AGAIN
CHESSPLAYINGPENTESTINGITDEPOMONSTER
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)