also sprach Cedric Blancher <blancher@cartel-securite.fr> [2002.07.16.2038 +0200]: > All switches are "sniffable" if you use ARP cache poisoning tools such > as arpspoof from dsniff package or arp-sk. Wrong. More expensive switches by Cisco, HP, or others employ various techniques against ARP cache poisoning. These range from port locking when the MAC table changes (not applicable to a dynamic environment) up to adaptive cache cleaning methods that prevent the cache from ever filling up. And any switch above the $50 price range will employ a hashmap for the ARP cache rather than a table-per-port approach. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck "the human brain is like an enormous fish -- it is flat and slimy and has gills through which it can see." -- monty python
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 08:34:47 PDT