Security Basics mailing list archives

RE: Unauthorised switchport access


From: "Erick Jensen" <ejensen () vibrant com>
Date: Tue, 14 Nov 2006 13:56:46 -0600

In a short answer, yes, you are at risk.  But how much risk?  That's up
to you.

If you shut down unused ports, that would help.  But that would only
allow a MITM attack on an active port.  You could then bind the MAC
address of the 'trusted' machine to the port.  That means they would
have to spoof the MAC, which is do-able.  

To secure beyond all of that you would need something else in place.
For example, IPsec across the network.  I think you have to decide
what's at risk and weigh out the options.  

I think your easiest, most reliable fix would be locks on the wiring
closets.

Something you can try?  Get Cain & Abel and ARP poison the network to
sniff the traffic on a switched network.  It's quick and simple, and
proof you are at risk.  If everything was encrypted, that would be a
useless test.

Erick



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of gary.shaw () dfpni gov uk
Sent: Tuesday, November 14, 2006 3:36 AM
To: security-basics () securityfocus com
Subject: Unauthorised switchport access

Guys

I am responsible for several LANs that include sharing WCs with other
organisations, and therefore access to my 3750 switches in unlocked
cabinets. 
I have no port security enabled and the ports are not shut down. 
I would like to know the security implications of having unused
switchports available to anyone e.g. with a laptop & DHCP configured? 
Are there any simple pentests I could complete myself?
Is my organisation's network a sitting duck??
Thanks in advance!

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
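
Added example, not part of the original thread: a small audit of the two mitigations discussed above (shutting down unused ports and binding a MAC address to each port), run over saved "show running-config" text. The sample configuration, the interface names and the function names parse_interfaces and audit are constructed for illustration; the IOS commands it looks for are the standard port-security ones.

```python
import re
# Constructed sample in the style of Cisco IOS "show running-config" output.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
 shutdown
!
interface GigabitEthernet1/0/4
 switchport mode access
 switchport port-security
!
interface GigabitEthernet1/0/24
 switchport mode trunk
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Flag live access ports lacking port security or a bound MAC address."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds or "switchport mode trunk" in cmds:
            continue  # disabled ports and trunks are out of scope here
        if "switchport port-security" not in cmds:
            findings[name] = "enabled, no port-security"
        elif not any(c.startswith("switchport port-security mac-address") for c in cmds):
            findings[name] = "port-security on, no static or sticky MAC"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

As the reply notes, a bound MAC address can still be spoofed, so a clean result here covers only the port configuration, not physical access to the cabinet.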

