> Most switches have some facility to allow you to monitor another port, the
> traffic of an entire VLAN, or even all traffic in the switch. If your
> switch is compromised, someone could listen in on your workstation
> conversations, which you thought were private.

A much more straightforward attack against switches involves a machine which
can alter its Ethernet address and which is directly attached to a switch.
The machine generates a stream of packets, each coming from a unique Ethernet
address. Once the switch's forwarding table has filled, the switch will flood
all subsequent traffic out all ports (excluding ports that have been
configured specifically not to flood). At this point, the switch, in effect,
resembles a repeater. Switches often offer mechanisms to limit the number of
MAC addresses on a per-port basis, but most folks don't bother with such
configurations.

mb
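[Editor's note: the following is an added worked example, not part of the message above or any code of its author. It models the forwarding-table exhaustion the reply describes, with the per-port MAC limit as the countermeasure, in a toy learning switch. The MAC addresses, port numbers, table size (1024 entries), the oldest-entry eviction policy and the shut-the-port reaction to a port-security violation are all assumptions chosen for illustration; real switches vary in exactly how a full table and a violation are handled.]

```python
"""Toy model of a learning switch under a MAC-address flooding attack.

Constructed example: the MACs, ports and table size are made up; the switch
behaviour (evict the oldest entry when the table is full, flood unknown
unicast, shut a port that exceeds its MAC limit) is an assumption about
typical behaviour and is not a description of any particular product.
"""
import random
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Hosts from the documentation MAC range (00-00-5E-00-53-xx), constructed.
VICTIM_A, VICTIM_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
A_PORT, B_PORT, ATTACKER_PORT = 1, 2, 3


def random_mac(rng):
    """A random locally-administered unicast MAC, as a flooding tool emits."""
    octets = [rng.randrange(256) for _ in range(6)]
    octets[0] = (octets[0] | 0x02) & 0xFE   # set local bit, clear multicast bit
    return ":".join(f"{o:02x}" for o in octets)


class Switch:
    def __init__(self, ports, table_size, max_macs_per_port=None, no_flood_ports=()):
        self.ports = set(ports)
        self.table_size = table_size
        self.table = OrderedDict()            # src MAC -> port, oldest entry first
        self.max_macs_per_port = max_macs_per_port
        self.no_flood_ports = set(no_flood_ports)  # ports configured not to flood
        self.err_disabled = set()             # ports shut down by port security
        self.violations = {}

    def macs_on_port(self, port):
        return sum(1 for p in self.table.values() if p == port)

    def receive(self, in_port, src, dst):
        """Process one frame; return the set of ports it is sent out of."""
        if in_port in self.err_disabled:
            return set()
        if src in self.table:
            self.table.move_to_end(src)       # refresh: entry is recent again
        else:
            # Port security (assumed shutdown-style reaction): refuse to learn
            # a new MAC beyond the per-port limit and disable the port.
            limit = self.max_macs_per_port
            if limit is not None and self.macs_on_port(in_port) >= limit:
                self.violations[in_port] = self.violations.get(in_port, 0) + 1
                self.err_disabled.add(in_port)
                return set()
            if len(self.table) >= self.table_size:
                self.table.popitem(last=False)  # table full: evict the oldest entry
            self.table[src] = in_port
        out_port = self.table.get(dst)
        if out_port is not None:
            return set() if out_port == in_port else {out_port}
        # Unknown destination (or broadcast): flood every other port, like a
        # repeater, except ports configured not to receive floods.
        return self.ports - {in_port} - self.no_flood_ports


def mac_flood_demo(port_security, attack_frames=5000, seed=1):
    """Egress ports of a frame A->B after the attacker's burst of frames."""
    rng = random.Random(seed)
    sw = Switch(ports=[A_PORT, B_PORT, ATTACKER_PORT], table_size=1024,
                max_macs_per_port=2 if port_security else None)
    # Normal operation: once both hosts are learned, A->B leaves port 2 only
    # and the attacker on port 3 sees nothing.
    sw.receive(A_PORT, VICTIM_A, VICTIM_B)    # B unknown yet: flooded
    sw.receive(B_PORT, VICTIM_B, VICTIM_A)    # A known: unicast to port 1
    assert sw.receive(A_PORT, VICTIM_A, VICTIM_B) == {B_PORT}
    # The attack: a stream of frames, each from a never-seen source MAC.
    for _ in range(attack_frames):
        sw.receive(ATTACKER_PORT, random_mac(rng), BROADCAST)
    return sw.receive(A_PORT, VICTIM_A, VICTIM_B)


def attacker_sees_traffic(port_security):
    return ATTACKER_PORT in mac_flood_demo(port_security)


if __name__ == "__main__":
    print("no port security, A->B egress:", sorted(mac_flood_demo(False)))
    print("MAC limit 2 per port, A->B egress:", sorted(mac_flood_demo(True)))
```

Without the per-port limit, 5000 forged sources push A's and B's entries out of the 1024-entry table; the next A->B frame has an unknown destination and is flooded to ports 2 and 3, so the attacker's port receives it. With a limit of two MACs per port, the third forged source on port 3 is a violation, the port is shut, and A->B still leaves port 2 alone.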
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:33 PDT