Bugtraq mailing list archives
Re: STP mitm attack idea
From: "Jason T. Masker" <jason () masker net>
Date: Wed, 28 Apr 2010 17:26:09 -0400
Jann Horn <jannhorn () googlemail com> wrote on 04/28/2010 12:20:55 PM:
> From: Jann Horn <jannhorn () googlemail com>
> ...
> If you had a WLAN-link, you could simplify that a lot - as far as I understand, you are able to make the switches redirect the traffic to your machines. Anyway, this attack sounds like something a good switch can easily prevent by having a list of "STP trusted ports" or something like that. Doesn't that exist?
Best practice is to implement layer 2 security mechanisms which would identify these ports as "access" ports and shut them down if any STP traffic was received through these interfaces. On Cisco equipment, this is known as BPDU guard. http://www.cisco.com/en/US/customer/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml
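As an added illustration of the BPDU guard behaviour described above (example code written for this page, not from the original post or from Cisco): a small Python parser that recognises 802.1D configuration BPDUs and mimics the guard's action of err-disabling any access port on which one arrives. The sample frames, port names and access-port set are constructed assumptions.

```python
import struct
from typing import Optional

# IEEE 802.1D bridge group address: every STP BPDU is sent to this destination.
STP_MULTICAST = bytes.fromhex("0180c2000000")

def parse_bpdu(frame: bytes) -> Optional[dict]:
    """Return key fields of an 802.1D configuration BPDU, or None if the
    Ethernet frame is not one (wrong destination, not 802.3/LLC, wrong SAPs)."""
    if len(frame) < 14 + 3 + 35:                     # Ethernet + LLC + config BPDU
        return None
    dst, length = frame[:6], struct.unpack("!H", frame[12:14])[0]
    if dst != STP_MULTICAST or length > 1500:        # > 1500 is an EtherType, not a length
        return None
    if frame[14:17] != b"\x42\x42\x03":              # LLC DSAP/SSAP 0x42, UI control field
        return None
    body = frame[17:]
    proto, version, bpdu_type = struct.unpack("!HBB", body[:4])
    if proto != 0 or bpdu_type != 0:                 # only config BPDUs (type 0) handled here
        return None
    root_id, bridge_id = body[5:13], body[17:25]
    return {
        "root_priority": struct.unpack("!H", root_id[:2])[0],
        "root_mac": root_id[2:].hex(":"),
        "root_path_cost": struct.unpack("!I", body[13:17])[0],
        "bridge_mac": bridge_id[2:].hex(":"),
        "claims_root": root_id == bridge_id,         # sender presents itself as the root
    }

def bpdu_guard(frames, access_ports):
    """Mimic BPDU guard: any BPDU received on an access port err-disables it.
    Returns {port: parsed BPDU} for every port that would be shut down."""
    disabled = {}
    for port, frame in frames:
        bpdu = parse_bpdu(frame)
        if port in access_ports and bpdu is not None:
            disabled[port] = bpdu
    return disabled

# Constructed sample frames (assumptions, not captured from any real network).
ROGUE_BPDU = bytes.fromhex(
    "0180c2000000 001122334455 0026"                 # dst, src (constructed), 802.3 length 38
    "424203"                                         # LLC: DSAP 0x42, SSAP 0x42, UI
    "0000 00 00 00"                                  # proto 0, version 0, type config, flags
    "0000001122334455 00000000 0000001122334455"     # root ID (priority 0), cost, bridge ID
    "8001 0000 1400 0200 0f00")                      # port ID, msg age, max age, hello, fwd delay
IPV4_FRAME = bytes.fromhex("ffffffffffff 001122334455 0800") + bytes(40)

if __name__ == "__main__":
    seen = [("Gi1/0/5", ROGUE_BPDU), ("Gi1/0/24", ROGUE_BPDU), ("Gi1/0/6", IPV4_FRAME)]
    for port, info in bpdu_guard(seen, access_ports={"Gi1/0/5", "Gi1/0/6"}).items():
        print(f"{port}: err-disabled, BPDU claims root {info['root_mac']} priority {info['root_priority']}")
```

Gi1/0/24 stands for an uplink that legitimately carries BPDUs, so it is left alone; the same BPDU on an access port triggers the shutdown.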