Bugtraq mailing list archives
Re: STP mitm attack idea
From: news <news () phocean net>
Date: Thu, 29 Apr 2010 08:19:58 +0200
Le mercredi 28 avril 2010 à 18:20 +0200, Jann Horn a écrit :
Am Dienstag, den 27.04.2010, 19:55 +0200 schrieb Przemyslaw Borkowski:Second scenario: 1. Station C and station D starts to send frames to break link beetween switch 1 and switch 2, and announce non existing connection and switch from C port on switch 1 to D port on switch 2 A ---- switch 1 --X-- switch 2 ----- B | | | | C --no conn-- D 2. Station A sends frame to B 3. Frame is forwarded to C station 4. Station C stores frame in memory 5. After equal timing station C and station D repair link beetween switch 1 and 2 6. station C resends stored packet to station D (ie in tunnel or encapsulated in ip packet) 7. stations C and D break link beetween switches 1 and 2 8. station D sends transmitted packet to station BIf you had a WLAN-link, you could simplify that a lot - as far as I understand, you are able to make the switches redirect the traffic to your machines. Anyway, this attack sounds like something a good switch can easily prevent by having a list of "STP trusted ports" or something like that. Doesn't that exist?
I think I have heard about this attack before. Yes, a good admin should set all the port used by machine as portfast (no STP), keeping only the STP on the port attached to network devices. Then the attack would be really too noisy to be successful. It is also highly recommended to lock down the ports at L2 (port security). Well I hope every one here is doing it, as it can make such attacks really hard.
Current thread:
- STP mitm attack idea Przemyslaw Borkowski (Apr 28)
- Re: STP mitm attack idea Jann Horn (Apr 28)
- Re: STP mitm attack idea news (Apr 29)
- Re: STP mitm attack idea Joel Maslak (Apr 29)
- Re: STP mitm attack idea Jean-Christophe Baptiste (Apr 29)
- Re: STP mitm attack idea news (Apr 29)
- Re: STP mitm attack idea Jann Horn (Apr 28)
- Re: STP mitm attack idea wlet (Apr 29)
- RE: STP mitm attack idea Stefan Laudat (Apr 29)
- <Possible follow-ups>
- Re: STP mitm attack idea Jason T. Masker (Apr 29)
- Re: STP mitm attack idea Ivan Jager (Apr 29)
- RE: STP mitm attack idea Williams, Dan (Apr 30)
- Re: STP mitm attack idea Ivan Jager (Apr 29)