Penetration Testing mailing list archives

RE: unswitched behavior of a switched network...

From: "Erin Carroll" <amoeba () amoebazone com>
Date: Tue, 17 Oct 2006 13:16:03 -0700

All,

I've let the last few posts on this subject today go through (you'll be
seeing them hit your inbox shortly) but unless this steers back toward a
pen-test focused discussion I'll reject further posts. The topic is
interesting and has covered a lot of routing concepts and aspects but this
is a pen-testing list and not Cisco support :)

Thanks,

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Jon Hart
Sent: Monday, October 16, 2006 2:54 PM
To: Buz Dale
Cc: Krugger; pen-test () securityfocus com
Subject: Re: unswitched behavior of a switched network...

On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:

I can think if a couple of possibilities.  1) This is
broadcast/multicast traffic. 2) The mac addresses are unknown to the
switch (So it will flood to find them.) 3) The port could be a trunk
or a mirror of a trunk.


I am also seeing normal broadcast/multicast traffic, but that is to be
expected.  #3 is not the case here.

As for #2, thats kinda where I was going with my original question --
why would a switch that is processing a session between two endpoints
suddently forget the MAC? Yes, there are timeouts in play here, but
aren't those along the lines of several minutes?

Thanks,

-jon

-----------------------------------------------------------------------
-
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701
600000008bOW
-----------------------------------------------------------------------
-



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

unswitched behavior of a switched network... Jon Hart (Oct 13)
- Re: unswitched behavior of a switched network... Krugger (Oct 16)
  - Re: unswitched behavior of a switched network... Ron (Oct 16)
    - Re: unswitched behavior of a switched network... David Swafford (Oct 16)
  - Re: unswitched behavior of a switched network... Buz Dale (Oct 16)
    - Re: unswitched behavior of a switched network... Jon Hart (Oct 16)
    - Re: unswitched behavior of a switched network... Tim (Oct 17)
    - RE: unswitched behavior of a switched network... Erin Carroll (Oct 17)
    - Re: unswitched behavior of a switched network... David C. Smith (Oct 18)
- Re: unswitched behavior of a switched network... Ben Nell (Oct 16)
  - Re: unswitched behavior of a switched network... Florian Osses (Oct 16)
  - Re: unswitched behavior of a switched network... Can't dig that daddy (Oct 16)
- Re: unswitched behavior of a switched network... Jan Rottschaefer (Oct 16)
- Re: unswitched behavior of a switched network... Nicob (Oct 16)
- <Possible follow-ups>
- RE: unswitched behavior of a switched network... Michael Scheidell (Oct 16)
  - Re: unswitched behavior of a switched network... Jon Hart (Oct 16)
  - RE: unswitched behavior of a switched network... Tonnerre Lombard (Oct 17)
- RE: unswitched behavior of a switched network... Michael Scheidell (Oct 16)