RE: switch jamming

From: Alexander (alexat_private)
Date: Thu Jan 31 2002 - 08:25:22 PST


    Hello,
    
    Static ARP entries can prevent this if implemented on the switch
    (and it is a good idea to use them on all the network devices as well).
    Also, protocols such as IPSEC can strengthen any protocols tunneled
    through it against manipulation or sniffing.
    
    --
    Regards,
    Alexander
    Editor
    BSDFreak.org
    e: alexat_private
    w: http://bsdfreak.org/
    
    
    ``Trials and tribulations of BSD users''
    
    On Thu, 31 Jan 2002, Anthony Gruppuso wrote:
    
    > Does anybody know of any switches that can protect against this type of
    > attack, or is virtually every switch affected?  I imagine this is "old
    > news," so what have vendors done to counteract this type of activity?
    >
    > -----Original Message-----
    > From: Sebastian Jaenicke [mailto:tsaat_private]
    > Sent: Wednesday, January 30, 2002 5:13 PM
    > To: vuln-devat_private
    > Subject: Re: switch jamming
    >
    >
    > Hi,
    >
    > On Wed, Jan 30, 2002 at 10:05:08PM +0000, Jan wrote:
    > [..]
    > > how can I sniff on a switched network segment? I read some articles
    > > about "switch jamming" and "port mirroring" but up to now I didn't
    > > learn anything special at all.
    > > Can some of you guys out there help me? (I'm sure some of you can but
    > > are you willing, too?)
    > >
    >
    > This can be achieved by flooding the switch with spoofed ARP packets
    > until its internal MAC table is filled up - most switches will then
    > revert to "hub mode" and therefore broadcast all traffic to the network
    > where it can easily be sniffed.
    >
    > http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm should
    > give you some (more accurate?) information.
    >
    > Sebastian
    > --
    > Sebastian Jaenicke
    > whois pgpkey-18AC0BE4at_private|perl -ne's-^certif: +--&&print'
    >   "Object-oriented programming is an exceptionally bad idea which
    >    could only have originated in California." --Edsger Dijkstra
    >
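
Added defender-side example, not code from any poster in this thread: a check that flags the per-port burst of distinct source MAC addresses that Sebastian describes as the mechanism for filling a switch's MAC table. The frame records, port names, window and threshold are constructed assumptions.

```python
"""Defender-side check for MAC-table flooding ("switch jamming").

Reports ports where the number of distinct source MACs seen within a short
window is far beyond what a legitimate host population produces: a burst of
spoofed sources on one port is what fills the switch's MAC table and drives
it into fail-open "hub mode", so it is the signal to alarm on.
"""
from collections import defaultdict

# Constructed sample data: three ordinary hosts, plus 300 distinct source
# addresses arriving on port Gi0/3 within six tenths of a second.
SAMPLE_FRAMES = [
    (0.00, "Gi0/1", "00:11:22:33:44:01"),
    (0.05, "Gi0/2", "00:11:22:33:44:02"),
    (0.10, "Gi0/1", "00:11:22:33:44:01"),
    (0.20, "Gi0/2", "00:11:22:33:44:03"),
]
SAMPLE_FRAMES += [
    (1.0 + i * 0.002, "Gi0/3", f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}")
    for i in range(300)
]


def peak_distinct_macs(frames, window_s=1.0):
    """Return {port: most distinct source MACs seen in any window_s interval}."""
    by_port = defaultdict(list)
    for ts, port, mac in frames:
        by_port[port].append((ts, mac))
    peaks = {}
    for port, recs in by_port.items():
        recs.sort()
        peak, start = 0, 0
        for end in range(len(recs)):
            # Advance the window start until [start, end] spans <= window_s.
            while recs[end][0] - recs[start][0] > window_s:
                start += 1
            peak = max(peak, len({mac for _, mac in recs[start:end + 1]}))
        peaks[port] = peak
    return peaks


def flooding_ports(frames, window_s=1.0, max_macs=8):
    """Ports whose peak exceeds max_macs: MAC-flood candidates, and exactly the
    ports a per-port learned-address limit (vendor "port security") would clamp."""
    peaks = peak_distinct_macs(frames, window_s)
    return sorted(port for port, n in peaks.items() if n > max_macs)


if __name__ == "__main__":
    print(peak_distinct_macs(SAMPLE_FRAMES), flooding_ports(SAMPLE_FRAMES))
```

On the sample data only Gi0/3 is reported; the two legitimate ports stay well under the threshold.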
    



    This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 08:34:01 PST