Re: Sniffable Switch Project

From: martin f krafft (madduckat_private)
Date: Wed Jul 17 2002 - 03:37:40 PDT


    thus spoke Cedric Blancher <blancher@cartel-securite.fr> [2002.07.16.2038 +0200]:
    > All switches are "sniffable" if you use ARP cache poisoning tools such
    > as arpspoof from dsniff package or arp-sk.
    
    Wrong. More expensive switches by Cisco, HP, or others employ various
    techniques against ARP cache poisoning. These range from port locking
    when the MAC table changes (not applicable to a dynamic environment)
    up to adaptive cache cleaning methods that prevent the cache from ever
    filling up. And any switch above the $50 price range will employ
    a hashmap for the ARP cache rather than a table-per-port approach.
    
    -- 
    martin;              (greetings from the heart of the sun.)
      \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
      
    "the human brain is like an enormous fish --
     it is flat and slimy
     and has gills through which it can see."
                                                           -- monty python
    
    
    


