Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: unswitched behavior of a switched network...

From: Tim <tim-pentest () sentinelchicken org>
Date: Tue, 17 Oct 2006 06:57:39 -0400
Hello Jon,


As for #2, thats kinda where I was going with my original question --
why would a switch that is processing a session between two endpoints
suddently forget the MAC? Yes, there are timeouts in play here, but
aren't those along the lines of several minutes?



I'm no switch expert, but your last comment caused an hypothesis to pop
into mind.  Do any of your hosts have hard-coded MAC addresses set up?
This isn't common, but if you're trying to prevent ARP poisoning, one
might do this.  If you were to do this, and not tell the switch which
ports had those MACs, then it wouldn't get a chance to learn those MACs
since those hosts wouldn't bother sending ARP requests, right?  Just a
thought.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: