"In the recently reported attack, H D Moore's Metasploit Project
had all Internet traffic redirected to a defaced page, announcing
that a group called sunwear had hacked the site for fun. When H D
Moore initially received reports of the defacement, he was able to
verify that the site itself was completely functional, which hinted
at a network-based attack at some point upstream of his server.
"Given that it was affecting all network traffic headed for
Metasploit, it had to be a close network node, and it turned out
that another system in the same VLAN that held the Metasploit
systems had been compromised and then used to carry out an ARP
spoofing attack against Metasploit and the 200-plus other sites on
the same VLAN..."