Re: Sniffing on a switch

[Volker Tanger <vtlists () wyae de>]

Good morning!

Cedric Blancher <blancher () cartel-securite fr> wrote:
> Le mardi 01 novembre 2005 à 10:50 +0100, Volker Tanger a écrit :
> > If manual MAC/port mapping takes precedence over cache (which is
> > implementation dependant) - why not?
> > If port security disables the port (the attacker/flooder's one) as
> > soon as more than one MAC address is being announced there - why
> > not?
>
> ARP cache poisoning will still work because when your ARP cache poison
> someone, you actually don't change your MAC address at all... 
[...]
> You can see http://sid.rstack.org/arp-sk/ for further details on ARP
> cache poisoning.

Ah, THAT technique you were talkiong about. Sorry, name mixup in my
brain - I still was thinking of the switch's MAC/port cache (obviously).


> To quickly reach my point, port security, as a layer 2 mecanism, is
> _useless_ against ARP cache poisoning. 

Yepp, you're right. Thanks for clarifying.

Bye

Volker

-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------