Penetration Testing mailing list archives
RE: Layer 2 Security And Penetration Testing
From: "Toni Heinonen" <Toni.Heinonen () teleware fi>
Date: Tue, 4 Jan 2005 01:51:09 +0200
> My idea so far includes spoofing my MAC address, however, I still don't know to which MAC address should I switch my MAC to? How do I know which MAC address is the legal one on a specific port?
Do you know whether the port security option configured is fixed as in 1 MAC per 1 port, or 20 MACs for the whole switch? If it's 1 MAC per 1 port you can of course try and gain access to the switch configuration (or if they are stored in the network mgmt system or RADIUS server, in there). The easiest way would however be simply to gain access to an already used port. Then take a crossover cable, connect that from your system to the workstation, sniff the MAC, change that to your card and take the straight cable connected to the switch.

If the MAC addresses are switch-centered (i.e. 20 MACs allowed, port connected doesn't matter) then you could also try and use some MAC address another computer is also using. You'll have to do this if you can't disconnect any of the other workstations or none of the workstations are laptops people take with them. Otherwise you'd have to get access to the place where the legal MAC addies are stored. The Ciscoworks server, perhaps, or a RADIUS server?

If there's 802.1x user authentication as well, then you're doomed. If it's just a switch configuration, check if the physical security aspect is dealt with, i.e. if the switch is locked up properly.

*** Otherwise, the classic trick to fool a switch is of course to negotiate the port to *trunk* state. Buy a NIC that speaks 802.1q or ISL and fake you're a switch to the switch in question. A lot of switches autonegotiate even workstation ports to trunk mode, if they aren't explicitly configured otherwise. ***

Or you could just try and get to the trunk lines and the infrastructure in the beginning. Or grabbing a workstation already connected to the network. If there's 802.1x, these are your *only* options.

--
TONI HEINONEN
TELEWARE OY
Mob. +358 40 836 1815 / Tel. +358 (9) 3434 9110
Laajalahdentie 23, FIN-00330 Helsinki, Finland
toni () teleware fi / www.teleware.fi
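A defender-side check for two points in the message above (workstation ports that are not explicitly configured and may negotiate to trunk, and port security), added here as an example and not part of the original post. It assumes Cisco IOS-style configuration syntax; the sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; not from the post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport nonegotiate
 switchport port-security
 switchport port-security maximum 1
interface FastEthernet0/2
 switchport access vlan 10
interface FastEthernet0/3
 switchport mode dynamic desirable
 switchport port-security
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit(config):
    """Return {interface: [findings]}; intentional trunks are skipped."""
    checks = [
        ("switchport mode access", "mode not pinned to access"),
        ("switchport nonegotiate", "trunk negotiation not disabled"),
        ("switchport port-security", "port-security not enabled"),
    ]
    report = {}
    for name, cmds in parse_interfaces(config).items():
        findings = [msg for cmd, msg in checks if cmd not in cmds]
        if findings and "switchport mode trunk" not in cmds:
            report[name] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Ports configured as trunks on purpose are left out of the report and need their own review (allowed VLANs, native VLAN).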