Penetration Testing mailing list archives
Re: ATM Switch Vulnerabilities
From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Wed, 17 Oct 2001 15:17:32 -0400 (EDT)
On Tue, 16 Oct 2001, Myron L. Cramer wrote:
I would appreciate any links or information relative to ATM Switch vulnerabilities or risks, especially anything that works below the IP level. Thanks.
what kind of ATM? LANE? CLIP? pure ATM? if its LANE, you can abuse the ARP table size and shove unicasts to the BUS, leaking traffic, on some switches, especially edge devices. its not pretty. Fore (now marconi) used to have some API code for doing ATM cells from the ground up. just some thoughts. also, a lot of Fore switches ran Solaris. you could get in and abuse the switching tables there. ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- ATM Switch Vulnerabilities Myron L. Cramer (Oct 17)
- Re: ATM Switch Vulnerabilities Jose Nazario (Oct 17)