Penetration Testing mailing list archives
Re: [PEN-TEST] Datacenter Wiring
From: Aj Effin ReznoR <aj () REZNOR COM>
Date: Fri, 20 Oct 2000 11:55:21 -0700
If you start with the assumption that physical access is secure, you can suggest evaluating the VMPS feature of Cisco's IOS. Simply, VMPS manages a database of MAC addresses and can shut down a switch port if an unrecognized device is connected. A switched network with VMPS implemented reduces the risk of sniffing and network connectivity if an intruder gains physical access.

-dan
The simple way around this is to disable the TX wire pair in the input to the snooping machine (all these phantom taps need to go *somewhere*). As was pointed out, some NICs require a link signal to function properly, or entirely. I was unaware that Marcus Ranum had allegedly suggested using a diode in one of the wires instead of snipping, as this may not work in all scenarios, and also violates his anti-full disclosure concept by proposing such a criminal concept to the masses ;)

Of course, if one were hellbent on getting a sniffing machine inside a datacenter (serious corporate espionage may well budget for renting rack/cage space in a datacenter), a small amount of time spent evaluating NICs would be a minor investment to the "success" of a crim's "project".

That said, if a machine is to be used in a situation wherein the wiring can't be modified (the endjack can't be replaced with TX wires disabled because the in-house wiring is exposed and can't be modified, etc.), it's not hard at all with a quality Weller soldering station (retail under US$120) to either disable the TX pins internal to the card, or if need be, remove the pins then use a diode to bridge the TX points onboard the NIC itself.

Cisco's solution does the best it can, but it can't do everything, and relying on it for a 'comfort zone' is a false sense of, well, you know.....

-aj.