Security Basics mailing list archives
Re: Network Configuration Question?
From: "netsec novice" <netsec9 () hotmail com>
Date: Tue, 05 Nov 2002 16:14:18 +0000
I recently saw similar behaviour running tcpdump on my workstation that is attached to a Cisco catalyst switch. I would be interested to find any answers myself.
From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: <security-basics () securityfocus com>
Subject: Network Configuration Question?
Date: Mon, 4 Nov 2002 16:58:37 -0000

Hi All,

On a corporate machine, I was having trouble removing the TinyBar scrote-ware that had installed itself surreptitiously onto my machine. As part of the process of tracking down how it was running, I downloaded a small packet sniffer and ran it so I could attempt to trace the outgoing target address of the pop-up window.

We are on a 100mbs switched network (I believe switched but ..). Now imagine my surprise when I could pick up traffic from around 6 other machines, including HTTP, POP, SMTP and all the associated passwords. Some of the machines were geographically close to me in the office but not all.

How could this happen on a switched network - has one of the switches fallen over into broadcast mode or something? If so how do I go about determining (remotely) why/how it has fallen over, who else is on the segment, and what other avenues do I have to explore?

Thanks in advance

Ian