Bugtraq mailing list archives
Re: False security in switches and a little more Rconsole.
From: booloo () CATS UCSC EDU (Mark Boolootian)
Date: Tue, 13 Oct 1998 15:27:24 -0700
Most switches have some facility to allow you to monitor another port, the traffic of an entire VLAN, or even all traffic in the switch. If your switch is compromised, someone could listen in on your workstation conversations, which you thought were private.
A much more straightforward attack against switches involves a machine which can alter its ethernet address and which is directly attached to a switch. The machine generates a stream of packets, each coming from a unique ethernet address. Once the switch's forwarding table has filled, the switch will flood all subsequent traffic out all ports (excluding ports that have been configured specifically not to flood). At this point, the switch, in effect, resembles a repeater. Switches often offer mechanisms to limit the number of MAC addresses on a per port basis, but most folks don't bother with such configurations.

mb
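The per-port MAC limit the post mentions is the mitigation; the same idea also works as a detection. The script below is an added example, not code from the original post or from any switch vendor: it takes (port, source MAC) observations such as a monitoring system could pull from a switch's forwarding table or from a mirrored port, counts distinct source addresses per port, flags ports that exceed a limit, and reports how full the forwarding table is. The port names, MAC addresses, the limit of 8, the table capacity of 100 and the IOS-style port-security lines it suggests are all constructed or assumed for the example.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

# Constructed sample data (not from the original post): each tuple is
# (switch port, source MAC) as a monitoring tool might derive it from the
# forwarding table or from frames seen on a mirrored port.
# Ports 1 and 2 behave normally; hypothetical port 7 shows fifty distinct
# source addresses, the pattern the post describes.
SAMPLE_OBSERVATIONS: List[Tuple[str, str]] = [
    ("Gi1/0/1", "00:11:22:33:44:01"),
    ("Gi1/0/1", "00:11:22:33:44:02"),
    ("Gi1/0/1", "00:11:22:33:44:01"),  # repeat of a known host, not a new MAC
    ("Gi1/0/2", "00:11:22:33:44:10"),
] + [("Gi1/0/7", f"02:00:00:00:{i >> 8:02x}:{i & 0xFF:02x}") for i in range(50)]


def distinct_macs_per_port(observations: Iterable[Tuple[str, str]]) -> Dict[str, int]:
    """Count distinct source MACs seen behind each port (case-insensitive)."""
    seen: Dict[str, set] = defaultdict(set)
    for port, mac in observations:
        seen[port].add(mac.lower())
    return {port: len(macs) for port, macs in seen.items()}


def ports_over_limit(observations: Iterable[Tuple[str, str]],
                     max_macs_per_port: int) -> Dict[str, int]:
    """Return {port: count} for ports exceeding the per-port MAC limit.

    This is the monitoring-side twin of the per-port limit that
    switch port security enforces: an access port that normally carries
    one or two hosts should never show dozens of source addresses.
    """
    counts = distinct_macs_per_port(observations)
    return {port: n for port, n in counts.items() if n > max_macs_per_port}


def table_utilisation(observations: Iterable[Tuple[str, str]],
                      table_capacity: int) -> Tuple[int, float]:
    """Total distinct MACs and the fraction of the forwarding table they use.

    table_capacity is assumed (a real switch's CAM size is model specific);
    a value approaching 1.0 means the switch is close to flooding frames
    out every port, as the post describes.
    """
    total = len({mac.lower() for _, mac in observations})
    return total, total / table_capacity


def suggested_port_security(flagged: Dict[str, int], max_macs_per_port: int) -> List[str]:
    """Produce IOS-style port-security lines for each flagged port.

    The command syntax is assumed (Cisco IOS style); adapt to your platform.
    'restrict' drops frames from excess MACs and logs the violation
    rather than shutting the port down.
    """
    lines: List[str] = []
    for port in sorted(flagged):
        lines += [f"interface {port}",
                  " switchport port-security",
                  f" switchport port-security maximum {max_macs_per_port}",
                  " switchport port-security violation restrict"]
    return lines


def main() -> None:
    limit, capacity = 8, 100  # both assumed for the example
    flagged = ports_over_limit(SAMPLE_OBSERVATIONS, limit)
    total, frac = table_utilisation(SAMPLE_OBSERVATIONS, capacity)
    print(f"{total} distinct MACs, forwarding table {frac:.0%} full (assumed capacity {capacity})")
    for port, n in flagged.items():
        print(f"ALERT: {port} has {n} distinct source MACs (limit {limit})")
    for line in suggested_port_security(flagged, limit):
        print(line)


if __name__ == "__main__":
    main()
```

Run it as-is to see port Gi1/0/7 flagged; in practice feed `ports_over_limit` with observations polled periodically so a sudden jump in distinct MACs on an access port raises an alert before the table fills.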