Re: Testing Hubs and Switches

From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Wed Dec 11 2002 - 08:36:39 PST

Next message: Valgasu: "Re: Testing Hubs and Switches"

Previous message: s c: "Novell NDS"
In reply to: Julian Young: "Testing Hubs and Switches"
Next in thread: Valgasu: "Re: Testing Hubs and Switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Le mer 11/12/2002 à 10:02, Julian Young a écrit :
> Some time back, i guess it was last summer,  somebody   was asking for
> volunteers to test their hubs and switches for security venerabilities. 
> as the time i think he wanted to  put together a who's who of switches
> and hubs.
> Does any one recognize this , remember any urls or what happened to the
> project.  I was unable to participate at the time but still like to test
> mine if they have not already been tested

Project seem to be stalled :

	http://www.alaricsecurity.com/ssp.html

It was an interesting idea, but the only submission is about ARP cache
poisoning, and we all know switches are vulnerable to this, just because
of their design.

> Further is any one knows of any testing tools / techniques i would also
> be very interested

Taranis will be a good start :

	http://www.bitland.net/taranis/

Taranis relies on MAC spoofing to redirect network traffic.

You can also have a look at dsniff package :

	http://monkey.org/~dugsong/dsniff/

It comes with macof tool that perform CAM table flooding. A switch can
fall into repeater mode for some MAC when CAM table is full.


If you want a complete view of switches attacks, have a look at Sean
Convery presentation at Black Hat USA 2002 you can find here :

	http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-02/

You'll find layer 2 attacks such MAC attacks, ARP attacks, protocols
attacks (CDP, DTP, VTP), VLAN hopping and others.

-- 
Cédric Blancher  <blancher@cartel-securite.fr>
Consultant en sécurité des systèmes et réseaux  - Cartel Sécurité
Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Valgasu: "Re: Testing Hubs and Switches"
Previous message: s c: "Novell NDS"
In reply to: Julian Young: "Testing Hubs and Switches"
Next in thread: Valgasu: "Re: Testing Hubs and Switches"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 11:53:33 PST