Vulnerability Development mailing list archives
RE: switch jamming
From: Alexander <alex () bsdfreak org>
Date: Thu, 31 Jan 2002 11:25:22 -0500 (EST)
Hello, Static ARP entries can prevent this if implement on the switch (and it is a good idea to use them on all the network devices as well). Also, protocols such as IPSEC can strengthen any protocols tunneled through it against manipulation or sniffing. -- Regards, Alexander Editor BSDFreak.org e: alex () bsdfreak org w: http://bsdfreak.org/ ``Trials and tribulations of BSD users'' On Thu, 31 Jan 2002, Anthony Gruppuso wrote:
Does anybody know of any switches that can protect against this type of attack, or is virtually every switch affected? I imagine this is "old news," so what have vendors done to counteract this type of activity? -----Original Message----- From: Sebastian Jaenicke [mailto:tsa () jaenicke org] Sent: Wednesday, January 30, 2002 5:13 PM To: vuln-dev () securityfocus com Subject: Re: switch jamming Hi, On Wed, Jan 30, 2002 at 10:05:08PM +0000, Jan wrote: [..]how can i sniff upon a switched network segment ? a read some articlesabout "switch jamming" and "port mirroring" but up to know i didn't learn anything special at all.ca some of your guys out there help me ? (i'm sure some of you can butare you willing, too ?)This can be achieved by flooding the switch with spoofed ARP packets until its internal MAC table is filled up - most switches will then revert to "hub mode" and therefore broadcast all traffic to the network where it can easily be sniffed. http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm should give you some (more accurate?) information. Sebastian -- Sebastian Jaenicke whois pgpkey-18AC0BE4 () whois ripe net|perl -ne's-^certif: +--&&print' "Object-oriented programming is an exceptionally bad idea which could only have originated in California." --Edsger Dijkstra
Current thread:
- Re: DoS against DHCP, (continued)
- Re: DoS against DHCP Russell Handorf (Jan 30)
- Re: DoS against DHCP Craig Van Tassle (Jan 30)
- Re: DoS against DHCP Felix Lindner (Jan 31)
- Re: switch jamming Blue Boar (Jan 30)
- RE: switch jamming Ed Moyle (Jan 30)
- Re: switch jamming sean whalen (Jan 30)
- RE: switch jamming Henniges, Matthew (ISS) (Jan 30)
- RE: switch jamming Anthony Gruppuso (Jan 31)
- Re: switch jamming Blue Boar (Jan 31)
- Re: switch jamming ALoR (Jan 31)
- RE: switch jamming Alexander (Jan 31)
- Re: switch jamming Blue Boar (Jan 31)
- RE: switch jamming Toni Heinonen (Jan 31)
- Re: switch jamming blast (Jan 31)
- RE: switch jamming blast (Jan 31)
- RE: switch jamming Richard Corley (Jan 31)