On Wed, May 05, 1999 at 09:15:25AM +0100, ian.vitekat_private wrote:
> Infosec Security Vulnerability Report
> No: Infosec.19990305.macof.a
> =====================================
>
> Vulnerability Summary
> ---------------------
>
> Problem: Due to limitations with ARP/MAC tables,
> switches could start sending packets to all ports;
> other network devices could hang, crash or reboot
> if they receive lots of MAC addresses.

This doesn't seem like a major issue, as long as PER PORT MAC limit < x < y < PER SWITCH MAC limit, and y-x is a reasonable size.

Since you can only generate MAC addresses which will be recorded on the port of the switch your attacking box is connected to, you won't be able to overload the box entirely. You will be able to knock valid local (i.e. on your segment) MACs out of the table, but this will only give the switch a little extra work to do (packet replication). All the traffic to or from hosts on the same port as you should already be sniffable anyway.

Displacing existing MACs will disrupt traffic as mentioned, but it's worth noting that on some brands of VLAN-capable switch, the same MAC can exist without conflict in more than one VLAN. So you'll only be affecting the VLAN you're connected to.

--
David Maxwell, davidat_private|davidat_private -->
Mastery of UNIX, like mastery of language, offers real freedom. The price
of freedom is always dear, but there's no substitute. Personally, I'd rather
pay for my freedom than live in a bitmapped, pop-up-happy dungeon like NT.
- Thomas Scoville
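The per-port versus per-switch table argument in the reply above, as an added simulation that is not part of the original thread, of the advisory, or of macof itself. It models a learning switch whose forwarding table evicts least-recently-used entries, with an optional per-port learning cap (the "PER PORT MAC limit"), and runs a flood of constructed source MACs from one port. It goes one step beyond the reply by also showing the uncapped case: with only a global table, the flood evicts every host's entry and all traffic floods to every port; with a per-port cap, only entries on the attacker's port churn. The host MACs, port numbers, table sizes and the `flooding_ports` threshold are assumptions chosen for the illustration.

```python
"""Simulated learning switch under a MAC-address flood, with and without a
per-port learning limit. Added illustration; not code from the advisory,
the reply, or macof. All MACs, ports and sizes below are constructed."""
from collections import OrderedDict


class LearningSwitch:
    """Transparent bridge with an LRU forwarding table (MAC -> port).

    table_size:     total forwarding-table capacity (the "per switch" limit).
    per_port_limit: max entries learned on any single port (None = no cap).
    """

    def __init__(self, table_size, per_port_limit=None):
        self.table_size = table_size
        self.per_port_limit = per_port_limit
        self.table = OrderedDict()   # mac -> port, oldest entry first
        self.learns_per_port = {}    # port -> count of new MACs learned

    def _evict_oldest_on(self, port):
        for mac, p in self.table.items():
            if p == port:
                del self.table[mac]
                return

    def learn(self, src_mac, in_port):
        if src_mac in self.table:
            self.table.move_to_end(src_mac)      # refresh LRU position
            self.table[src_mac] = in_port
            return
        self.learns_per_port[in_port] = self.learns_per_port.get(in_port, 0) + 1
        if self.per_port_limit is not None:
            on_port = sum(1 for p in self.table.values() if p == in_port)
            if on_port >= self.per_port_limit:
                self._evict_oldest_on(in_port)   # only this port's entries churn
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)       # global LRU eviction
        self.table[src_mac] = in_port

    def forward(self, src_mac, dst_mac, in_port):
        """Returns the egress port, or 'flood' when dst_mac is not in the table."""
        self.learn(src_mac, in_port)
        return self.table.get(dst_mac, "flood")

    def flooding_ports(self, threshold):
        """Ports that learned more new MACs than threshold (port-security style check)."""
        return sorted(p for p, n in self.learns_per_port.items() if n > threshold)


def fake_mac(i):
    """Constructed, locally administered source MAC for flood frame i."""
    return "02:00:00:%02x:%02x:%02x" % ((i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF)


# Constructed topology: one legitimate host per port; attacker shares port 3.
HOSTS = {"aa:aa:aa:aa:aa:01": 1, "aa:aa:aa:aa:aa:02": 2, "aa:aa:aa:aa:aa:03": 3}
ATTACKER_PORT = 3


def run_flood(per_port_limit, table_size=1024, flood_frames=5000):
    """Flood from ATTACKER_PORT, then probe what the switch does with host traffic."""
    sw = LearningSwitch(table_size, per_port_limit)
    for mac, port in HOSTS.items():          # hosts are learned before the attack
        sw.learn(mac, port)
    for i in range(flood_frames):
        sw.forward(fake_mac(i), "ff:ff:ff:ff:ff:ff", ATTACKER_PORT)
    return {
        # host 1 -> host 2: unicast (port 2) or flooded to every port?
        "h1_to_h2": sw.forward("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02", 1),
        # host 1 -> host 3 (attacker's own segment): expected to flood either way
        "h1_to_h3": sw.forward("aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:03", 1),
        "entries_on_attacker_port": sum(1 for p in sw.table.values() if p == ATTACKER_PORT),
        "flagged_ports": sw.flooding_ports(threshold=64),
    }


if __name__ == "__main__":
    print("no per-port cap:", run_flood(per_port_limit=None))
    print("per-port cap 8: ", run_flood(per_port_limit=8))
```

With no per-port cap the table ends up holding nothing but attacker MACs, so host 1's frame to host 2 is flooded out every port, including the attacker's. With a cap of 8 on the attacker's port, host 1 to host 2 stays a unicast to port 2 and only the host sharing port 3 loses its entry, which is the reply's point; the `flooding_ports` check is the kind of per-port learn-rate counter a practitioner would use to spot the flood from the switch side.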
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:45:16 PDT