Re: False security in switches and a little more Rconsole.

From: Mark Boolootian (boolooat_private)
Date: Tue Oct 13 1998 - 15:27:24 PDT


    >Most switches have some facility to allow you to monitor another port, the
    >traffic of an entire VLAN, or even all traffic in the switch. If your
    >switch is compromised, someone could listen in on your workstation
    >conversations, which you thought were private.
    
    A much more straightforward attack against switches involves a machine
    which can alter its ethernet address and which is directly attached to
    a switch.  The machine generates a stream of packets, each coming from a
    unique ethernet address.  Once the switch's forwarding table has filled,
    the switch will flood all subsequent traffic out all ports (excluding ports
    that have been configured specifically not to flood).  At this point, the
    switch, in effect, resembles a repeater.  Switches often offer mechanisms
    to limit the number of MAC addresses on a per-port basis, but most folks
    don't bother with such configurations.
    
    mb
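The table-exhaustion attack above, and the per-port address limit that defeats it, worked through as an added simulation. This is illustrative code written for this archive page, not code from the original message or from any switch vendor: the learning-bridge model, the table size, the ageing time, the port numbers and the MAC addresses are all assumptions. Real switches differ in what they do when the table is full (some simply stop learning, as modelled here; others evict or suffer hash-bucket collisions), so treat the model as the mechanism the post describes rather than any particular product.

```python
"""
Simulation of CAM-table exhaustion (MAC flooding) against a learning
switch, with and without a per-port limit on learned addresses.
Added example; the switch model and all numbers are assumptions.
"""
import os
import struct

ETHERTYPE_IPV4 = 0x0800


def random_unicast_mac() -> bytes:
    """Six random bytes with the locally administered bit set and the
    group (multicast) bit clear, so the value is a valid unicast source."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return bytes(b)


def ethernet_frame(dst: bytes, src: bytes, payload: bytes = b"") -> bytes:
    """Ethernet II frame: dst, src, ethertype, payload padded to the
    46-byte minimum so the whole frame is at least 60 bytes."""
    return struct.pack("!6s6sH", dst, src, ETHERTYPE_IPV4) + payload.ljust(46, b"\x00")


def flood_frames(count: int) -> list:
    """The attacker's stream: `count` frames, every one from a different
    source MAC. The destination is irrelevant; learning keys on the source."""
    frames, seen = [], set()
    while len(frames) < count:
        src = random_unicast_mac()
        if src in seen:
            continue
        seen.add(src)
        frames.append(ethernet_frame(random_unicast_mac(), src))
    return frames


class Switch:
    """Transparent learning bridge with a bounded forwarding table, entry
    ageing, and an optional per-port limit on learned addresses."""

    def __init__(self, ports, table_size, age_limit, per_port_limit=None):
        self.ports = set(ports)
        self.table_size = table_size
        self.age_limit = age_limit
        self.per_port_limit = per_port_limit
        self.table = {}        # MAC -> (ingress port, last seen)
        self.violations = {}   # port -> frames dropped by the per-port limit

    def _learned_on(self, port):
        return sum(1 for p, _ in self.table.values() if p == port)

    def _expire(self, now):
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > self.age_limit:
                del self.table[mac]

    def receive(self, port, frame, now):
        """Handle one frame arriving on `port` at time `now`; return the
        set of ports it is forwarded out of."""
        self._expire(now)
        dst, src = frame[:6], frame[6:12]
        if src in self.table:
            self.table[src] = (port, now)               # refresh the entry
        else:
            if self.per_port_limit is not None and self._learned_on(port) >= self.per_port_limit:
                self.violations[port] = self.violations.get(port, 0) + 1
                return set()                            # limit hit: drop the frame
            if len(self.table) < self.table_size:
                self.table[src] = (port, now)           # full table: silently not learned
        entry = self.table.get(dst)
        if entry is not None and entry[0] != port:
            return {entry[0]}                           # known unicast: one port
        return self.ports - {port}                      # unknown unicast: flood


def scenario(per_port_limit=None):
    """Attacker on port 1, Alice on port 2, Bob on port 3 (assumed layout).
    The attacker keeps the table full for longer than the ageing time, so
    Alice's entry expires and cannot be re-learned. Returns the egress set
    for a Bob->Alice frame sent right after Alice speaks again, plus the switch."""
    attacker, alice, bob = 1, 2, 3
    alice_mac = bytes.fromhex("02000000000a")
    bob_mac = bytes.fromhex("02000000000b")
    sw = Switch(ports=[attacker, alice, bob], table_size=256, age_limit=300,
                per_port_limit=per_port_limit)
    sw.receive(alice, ethernet_frame(bob_mac, alice_mac), now=0)   # Alice is learned
    junk = flood_frames(512)                                       # twice the table size
    for now in range(1, 601, 100):                                 # six rounds of flooding
        for f in junk:
            sw.receive(attacker, f, now)
    sw.receive(alice, ethernet_frame(bob_mac, alice_mac), now=600)  # Alice talks again
    return sw.receive(bob, ethernet_frame(alice_mac, bob_mac), now=601), sw


if __name__ == "__main__":
    egress, sw = scenario()
    print("no limit:      Bob->Alice goes out ports", sorted(egress), "(attacker is port 1)")
    egress, sw = scenario(per_port_limit=4)
    print("per-port limit: Bob->Alice goes out ports", sorted(egress),
          "; frames dropped on attacker port:", sw.violations.get(1, 0))
```

Without the limit the Bob-to-Alice frame leaves ports 1 and 2, so the attacker on port 1 sees it, exactly the repeater-like behaviour the post describes; with a limit of four addresses on the attacker's port the table never fills, Alice is re-learned the moment she transmits, and the frame goes to port 2 only. The ageing step matters: a host whose entry is still in the table keeps being forwarded correctly, which is why a flooding tool has to keep running until the legitimate entries time out.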
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:33 PDT