Bugtraq mailing list archives
Re: STP mitm attack idea
From: wlet () gmx net
Date: Thu, 29 Apr 2010 08:31:43 +0200
Disadvantages of method. - stops whole traffic beetween switches, and needs delicate timing - when link beetween switch 1 and 2 is working we can't see frames that flying across wire
The whole Attack is theoretically possible. But only theoretically, because of the point that a flapping link between the two switches will be recognized by other hosts on the switches. That mean either you MitM the whole "interconnection" traffic of the switches or you get caught. The next point is: By periodically rebuilding the STP tree your're very noisy - the chance that this stays undetected in a monitored environment is very low. You also need a very good synchronization of the two attacker controlled hosts (start sending when the original interconnection link is back on, stop right before you cut again). And: The whole attack could be prevented with portfast and BPDU guard enabled. As a conclusion: Maybe possible, but it would make more sense to ARP-Spoof directly on each switch (I mean you already control a host in the same segment, why making it more complicated) - much easier, pretty straight forward and a lot more quite. wlet
Current thread:
- STP mitm attack idea Przemyslaw Borkowski (Apr 28)
- Re: STP mitm attack idea Jann Horn (Apr 28)
- Re: STP mitm attack idea news (Apr 29)
- Re: STP mitm attack idea Joel Maslak (Apr 29)
- Re: STP mitm attack idea Jean-Christophe Baptiste (Apr 29)
- Re: STP mitm attack idea news (Apr 29)
- Re: STP mitm attack idea Jann Horn (Apr 28)
- Re: STP mitm attack idea wlet (Apr 29)
- RE: STP mitm attack idea Stefan Laudat (Apr 29)
- <Possible follow-ups>
- Re: STP mitm attack idea Jason T. Masker (Apr 29)
- Re: STP mitm attack idea Ivan Jager (Apr 29)
- RE: STP mitm attack idea Williams, Dan (Apr 30)
- Re: STP mitm attack idea Ivan Jager (Apr 29)