Re: unswitched behavior of a switched network...

["David C. Smith" <dcs44 () georgetown edu>]

Usually a lurker - try looking for macof for CAM overflow attacks and
think basic traffic flooding.

Found this as a pretty good start...
http://www.ciscopress.com/content/images/1587201534/samplechapter/1587201534content.pdf

-Dave

Erin Carroll wrote:
> All,
>
> I've let the last few posts on this subject today go through (you'll be
> seeing them hit your inbox shortly) but unless this steers back toward a
> pen-test focused discussion I'll reject further posts. The topic is
> interesting and has covered a lot of routing concepts and aspects but this
> is a pen-testing list and not Cisco support :)
>
> Thanks,
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball" 
>
>
>   
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Jon Hart
> > Sent: Monday, October 16, 2006 2:54 PM
> > To: Buz Dale
> > Cc: Krugger; pen-test () securityfocus com
> > Subject: Re: unswitched behavior of a switched network...
> >
> > On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:
> >     
> > > I can think if a couple of possibilities.  1) This is
> > > broadcast/multicast traffic. 2) The mac addresses are unknown to the
> > > switch (So it will flood to find them.) 3) The port could be a trunk
> > > or a mirror of a trunk.
> > >       
> > I am also seeing normal broadcast/multicast traffic, but that is to be
> > expected.  #3 is not the case here.
> >
> > As for #2, thats kinda where I was going with my original question --
> > why would a switch that is processing a session between two endpoints
> > suddently forget the MAC? Yes, there are timeouts in play here, but
> > aren't those along the lines of several minutes?
> >
> > Thanks,
> >
> > -jon
> >
> > -----------------------------------------------------------------------
> > -
> > This List Sponsored by: Cenzic
> >
> > Need to secure your web apps?
> > Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701
> > 600000008bOW
> > -----------------------------------------------------------------------
> > -
> >     
>
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> ------------------------------------------------------------------------
>
>   


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------