RE: switch jamming

From: Richard Corley (richard_corleyat_private)
Date: Thu Jan 31 2002 - 09:22:02 PST


    The Cisco switch code for many of their switches allows the use of port
    security as mentioned below.  However, it is not just a one-to-one
    relationship.  You have the ability to set a maximum number of learned MAC
    addresses per port.  For example you can set port 7/7 to have a maximum of
    18 MAC addresses, supporting a fan-out hub.
    
    There are exceptions to this ability.  You cannot set port security on a
    trunk port, span port, set cam entries for a secured port, and in some cases
    some gig uplink ports...these however are usually trunk ports anyway.
    
    If you have Cisco switches you should check out the documentation
    specifically relating to port security for your particular switch type.
    
    Rich 
    
    -----Original Message-----
    From: Blue Boar
    To: Anthony Gruppuso
    Cc: vuln-devat_private
    Sent: 1/31/02 8:15 AM
    Subject: Re: switch jamming
    
    Anthony Gruppuso wrote:
    > 
    > Does anybody know of any switches that can protect against this type of
    > attack, or is virtually every switch affected?  I imagine this is "old
    > news," so what have vendors done to counteract this type of activity?
    > 
    
    The Cisco switches at least can be secured against this, if you can
    live with the inconvenience.  If you have one machine per port, you
    can configure the switch to learn the first MAC address it sees,
    and then not accept frames from any other address.  This means
    that you can't move machines around or change NICs without the
    switch admin resetting the MAC address for the affected ports.  It also
    means that you can't chain multiple machines off of any ports
    configured that way, say via a hub.
    
    					BB
    
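    As an added example (not configuration from either poster), here is the
    port-security setup the thread describes, written in Cisco IOS syntax.  The
    "7/7" port notation in Rich's message is Catalyst OS, and the interface
    names below are assumed.

```cisco
! Default state (the weak setting): port security is off, so the switch
! learns as many source MACs on the port as its CAM table can hold.
interface FastEthernet0/7
 switchport mode access
 no switchport port-security
!
! One machine per port (Blue Boar's case): learn the first MAC seen,
! write it into the config (sticky), drop frames from any other address.
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Hub fan-out (Rich's example): allow up to 18 learned MACs on the port.
! "restrict" drops offending frames and counts them; "shutdown" would
! err-disable the whole port instead.
interface FastEthernet0/8
 switchport mode access
 switchport port-security
 switchport port-security maximum 18
 switchport port-security violation restrict
!
! Port security is rejected on trunk ports, so a tagged uplink stays
! outside this feature (the exception Rich mentions).
interface GigabitEthernet0/1
 switchport mode trunk
!
! Optional: bring "shutdown"-mode ports back automatically after 5 minutes
! instead of waiting for an admin.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification and the admin reset step from enable mode:
!   show port-security interface FastEthernet0/7
!   show port-security address
!   clear port-security sticky interface FastEthernet0/7
```

    Moving a machine to a sticky-secured port requires that final clear
    command first, which is the inconvenience Blue Boar describes.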



    This archive was generated by hypermail 2b30 : Thu Jan 31 2002 - 10:40:08 PST