That's exactly it. Also some switches (cats?) just plain to into "hub mode" when supervisor usage goes over 70%. Reason: It's better that we loose switching than management ability and (possibly?) VLAN definitions. Both of which are done on the supervisor. Dom -----Original Message----- From: Mauro Flores [mailto:almauriat_private] Sent: 21 August 2001 19:32 To: vuln-devat_private Subject: Re: MiM Simultaneous close attack Robert Freeman wrote: > I don't think you can get exactly what you want Paul. About the switched > networks in general, you could: > > 1) Spoof an existing MAC (not reliable) > 2) Flood your switch with MAC announcements (may become a nice hub!) > 3) Sniff the initial ARP broadcast and reply (hassle for all packets) > > regards, > Robert > > btw, a MiM DoS? ...geez. Hi!! Can enyone explain me (or point me an URL) why if i flood the switch MAC table it would became a hub?? The only case i can undestand that the switch became a hub is if i can fill the switch Mac table with faked Macs... otherwise the switch will still work as a switch... am i wrong on this?? Thanks! see arround, Mauro Flores
This archive was generated by hypermail 2b30 : Tue Aug 21 2001 - 21:58:49 PDT