Security Basics mailing list archives
RE: switched n/w
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 8 Dec 2004 08:34:37 -0800
In the normal run of things, switched data would not be sniffable without administrative access to a switch. But there are techniques, such as ARP poisoning, by which an attacker can intercept, and perhaps even modify, switched traffic. In general, it is probably easier to change data on a host than in transit, and ARP poisoning requires a host on the switched network to perform the attack. So my guess is that at least one host on your network is compromised, OR at least one of your users is up to something. I alluded above to administrative access. Most modern switches include a provision for a special port configuration to allow traffic to be sniffed. I would do that, paying particular attention to the ARP traffic. David Gillett
-----Original Message----- From: kaushal [mailto:kaushal () rocsys com] Sent: Tuesday, December 07, 2004 10:30 AM To: security-basics () securityfocus com Subject: switched n/w Hi, Iam a bit new to network securities.We have a switched network and to my knowledge a hosts' data cannot be sniffed by other host by runnning tcpdump.But Iam receiving complaints from few users that their data is being changed/manipulated.Is this possible? How can I avoid this at the host level?Does this mean the server has been compromised?Any help or pointer in this aspect would be highly appreciated. thanks in advance. kaushal.
Current thread:
- switched n/w kaushal (Dec 07)
- RE: switched n/w David Gillett (Dec 08)
- Re: switched n/w the.soylent (Dec 08)
- RE: switched n/w Rishi Pande (Dec 08)
- RE: switched n/w Chris Cirullo (Dec 09)
- Re: switched n/w Rino Mardo (Dec 08)
- Message not available
- Re: switched n/w Gautam R. Singh (Dec 08)
- Re: switched n/w M. Shirk (Dec 09)
- Re: switched n/w Gautam R. Singh (Dec 08)
- Re: switched n/w Andreas Putzo (Dec 08)
- Re: switched n/w Alexander Klimov (Dec 08)
- Re: switched n/w Grim (Dec 08)
- Re: switched n/w Jacob Weeks (Dec 08)