Re: Infosec.19990305.macof.a

From: Emil Isberg (cel95eigat_private)
Date: Thu May 06 1999 - 13:30:07 PDT


    On 5 May 1999, ian.vitekat_private wrote:
    >Vulnerability Summary
    >---------------------
    >
    >Problem:  Due to limitations with ARP/MAC tables;
    >               switches could start sending packets to all ports,
    >               other network devices could hang, crash or reboot
    >               if they receive lots of MAC addresses.
    >
    >Threat:   Someone could eavesdrop/sniff network connections
    >               over a switched network.
    >               Denial of service attacks on a local network.
    >Solution: There is no today known solution to the problem.
    
    This problem is known.
    The problem is known as "learning mode" and is the state the switch is in
    when it "learns" how the network is configured.
    
    What it does is simply record which port each MAC address is responding on.
    
    What does the solution look like?
    Well. Don't use "learning mode" on the switch. In a secure environment you
    know most of the needed MAC addresses, and the rest you should know anyway,
    so you do not need "learning mode".
    
    But is it a limitation? Yes. The switch should notice that a port is
    behaving very strangely and disable it (before its MAC table is flushed).
    
    --
    /Emil
    "You could say I have my own filesystem in my apartment. /Bornäs"
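The following is an added model of the two switch behaviours discussed in this thread; it is not code from the original post, from Ian Vitek's macof, or from any switch vendor. The first class is a plain "learning mode" switch with a bounded MAC (CAM) table: once an attacker has flooded it with source addresses, the entries for legitimate hosts are evicted and unicast frames between them are flooded out every port, which is what lets the attacker sniff on a switched segment. The second class adds the two mitigations Emil suggests: statically configured MAC entries that traffic cannot change, and a per-port limit on learned addresses whose violation disables the port before the table is exhausted. Table size, port numbers, eviction policy (oldest entry first) and all MAC addresses are constructed sample values.

```python
"""Toy learning switch vs. a switch with static MACs and port limits.

Added example for the macof thread; the sizes, ports and addresses
below are constructed, and the oldest-first eviction is one simple
policy, not a claim about any particular switch ASIC.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac(i):
    """Constructed locally-administered MAC address number i."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


VICTIM, SERVER = mac(1), mac(2)  # constructed hosts on ports 1 and 2


class LearningSwitch:
    """Source-learning switch with a bounded CAM table and no protections."""

    def __init__(self, ports, cam_size):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.cam = OrderedDict()  # mac -> port; insertion order is age
        self.disabled = set()

    def learn(self, src, port):
        if src in self.cam:
            self.cam.move_to_end(src)
            self.cam[src] = port
            return
        if len(self.cam) >= self.cam_size:
            self.cam.popitem(last=False)  # table full: evict oldest entry
        self.cam[src] = port

    def lookup(self, dst):
        return self.cam.get(dst)

    def forward(self, src, dst, in_port):
        """Return the set of ports the frame is sent out of."""
        if in_port in self.disabled:
            return set()
        self.learn(src, in_port)
        if in_port in self.disabled:  # learn() may have shut the port
            return set()
        out = self.lookup(dst)
        if out is None or out == in_port:  # unknown unicast: flood
            return {p for p in self.ports if p != in_port and p not in self.disabled}
        return {out}


class PortSecuritySwitch(LearningSwitch):
    """Static entries plus a cap on dynamically learned MACs per port."""

    def __init__(self, ports, cam_size, max_dynamic_per_port, static=None):
        super().__init__(ports, cam_size)
        self.max_dynamic = max_dynamic_per_port
        self.static = dict(static or {})  # mac -> port, set by the admin
        self.dynamic_count = {p: 0 for p in ports}

    def learn(self, src, port):
        if src in self.static:
            if self.static[src] != port:  # someone spoofing a static host
                self.disabled.add(port)
            return
        if src in self.cam:
            return
        if self.dynamic_count[port] >= self.max_dynamic:
            self.disabled.add(port)  # port "behaving strangely": shut it
            return
        if len(self.cam) >= self.cam_size:
            _, old_port = self.cam.popitem(last=False)
            self.dynamic_count[old_port] -= 1
        self.cam[src] = port
        self.dynamic_count[port] += 1

    def lookup(self, dst):
        return self.static.get(dst, self.cam.get(dst))


def demo(switch, flood_count):
    """Victim (port 1) and server (port 2) talk, the attacker on port 3
    floods flood_count random addresses, then the victim sends to the
    server again.  Returns the ports that last frame reaches."""
    switch.forward(VICTIM, SERVER, 1)
    switch.forward(SERVER, VICTIM, 2)
    for i in range(flood_count):
        switch.forward(mac(0x100000 + i), mac(0x200000 + i), 3)
    return switch.forward(VICTIM, SERVER, 1)


if __name__ == "__main__":
    print("learning switch:", demo(LearningSwitch([1, 2, 3], cam_size=8), 100))
    hardened = PortSecuritySwitch([1, 2, 3], 8, 1, static={SERVER: 2})
    print("port security:", demo(hardened, 100), "disabled:", hardened.disabled)
```

With the plain switch the victim's frame to the server ends up on port 3 as well, so the attacker reads it; with the hardened switch the second flooded frame already exceeds the per-port limit, port 3 is disabled, and the frame goes only to port 2.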
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:15 PDT