Hi !

How would an attack like that look like ? It´s already easy to
get a file somebody else is leeching (filesnarf).
Somebody an Idea, how to prevent the original file to reach its destination, and even more important - How to inject the modified file right afterwards ?
The modification would become obvious with files that have certificates, so a Microsoft Update wouldn´t do, but what about any other file.. ??

Maybe the idea sounds a bit wild, but I know it has been done with proxies, which do also nothing more then my PC - forwarding Traffic, right ?

Just an Idea, Peace.

I don't know really. My guess would be starting w/ service hijacking like DNS or protocol hijacking like IP or ARP. Session hijacking and routing is probably more difficult, but I think Cain & Abel can handle this, but I think you would need something more CLI intensive.

It would be good to find out whether or not the client requests or recieves some type of file size or CRC or MD5 sum check dependant on whether it's HTTP, FTP or something else. I think some good Wireshark packet analysis and self-study on SSH or DNS MITM may get you some conceptual mileage on this. Good luck.