Penetration Testing mailing list archives
Re: unswitched behavior of a switched network...
From: "David C. Smith" <dcs44 () georgetown edu>
Date: Tue, 17 Oct 2006 20:24:27 -0400
Usually a lurker - try looking for macof for CAM overflow attacks and think basic traffic flooding.

Found this as a pretty good start...
http://www.ciscopress.com/content/images/1587201534/samplechapter/1587201534content.pdf

-Dave

Erin Carroll wrote:
> All,
>
> I've let the last few posts on this subject today go through (you'll be seeing them hit your inbox shortly) but unless this steers back toward a pen-test focused discussion I'll reject further posts. The topic is interesting and has covered a lot of routing concepts and aspects but this is a pen-testing list and not Cisco support :)
>
> Thanks,
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball"
>
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Jon Hart
> > Sent: Monday, October 16, 2006 2:54 PM
> > To: Buz Dale
> > Cc: Krugger; pen-test () securityfocus com
> > Subject: Re: unswitched behavior of a switched network...
> >
> > On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:
> > > I can think of a couple of possibilities.
> > > 1) This is broadcast/multicast traffic.
> > > 2) The mac addresses are unknown to the switch (So it will flood to find them.)
> > > 3) The port could be a trunk or a mirror of a trunk.
> >
> > I am also seeing normal broadcast/multicast traffic, but that is to be expected. #3 is not the case here. As for #2, that's kinda where I was going with my original question -- why would a switch that is processing a session between two endpoints suddenly forget the MAC? Yes, there are timeouts in play here, but aren't those along the lines of several minutes?
> >
> > Thanks,
> >
> > -jon
> >
> > ------------------------------------------------------------------------
> > This List Sponsored by: Cenzic
> > Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast.
> > Click the link to buy it, try it or download Hailstorm for FREE.
> > http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
> > ------------------------------------------------------------------------
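An added example, not part of the original posts: a simplified Python model of a learning switch's MAC (CAM) table, showing two ways the "unknown MAC, so it floods" case discussed above can arise mid-session: an idle entry aging out, and a table too full to learn the host. The class, the table sizes, the 300-second aging time, the rule that a full table learns nothing new, and all MAC addresses are assumptions constructed for illustration.

```python
class LearningSwitch:
    """Simplified model of a switch MAC (CAM) table; sizes and timers are assumptions."""

    def __init__(self, ports, capacity, aging=300):
        self.ports = set(ports)
        self.capacity = capacity   # assumed size; real tables hold thousands of entries
        self.aging = aging         # assumed seconds an idle entry survives
        self.table = {}            # mac -> (port, last_seen)

    def frame(self, now, in_port, src, dst):
        """Age the table, learn the source, return the set of egress ports."""
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t < self.aging}
        # Learn or refresh the source; in this model a full table learns nothing new.
        if src in self.table or len(self.table) < self.capacity:
            self.table[src] = (in_port, now)
        if dst not in self.table:              # unknown unicast: flood
            return self.ports - {in_port}
        return {self.table[dst][0]} - {in_port}

    def macs_per_port(self):
        """Learned MACs per port; a high count on an access port is the anomaly."""
        counts = {}
        for port, _ in self.table.values():
            counts[port] = counts.get(port, 0) + 1
        return counts

A, B = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"   # constructed host MACs

def aging_case():
    """B stays silent longer than the aging time, so traffic to B is flooded."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=16)
    sw.frame(0, 1, A, B)
    sw.frame(1, 2, B, A)
    known = sw.frame(2, 1, A, B)          # both learned: leaves on port 2 only
    idle = sw.frame(400, 1, A, B)         # B's entry expired: flooded
    return known, idle

def full_table_case():
    """Port 3 fills the table before B is learned, so frames to B keep flooding."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], capacity=4)
    sw.frame(0, 1, A, B)
    for i in range(3):                    # constructed source MACs seen on port 3
        sw.frame(1, 3, f"02:00:00:00:00:{i:02x}", A)
    sw.frame(2, 2, B, A)                  # table full: B is not learned
    return sw.frame(3, 1, A, B), sw.macs_per_port()

if __name__ == "__main__":
    print(aging_case(), full_table_case())
```

The per-port count returned by `macs_per_port()` is the signal a per-port MAC address limit acts on: an access port that normally has one host behind it has no reason to source several addresses.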