Re: Locating switches in a multi-layer switching environment

["Mathieu CHATEAU" <gollum123 () free fr>]

hopefully or not, many switched run very outdated firmware :) and portfast 
is not enabled by default :)

with this it's easy to now if portfast is on... plug the network, without 
portfast you have to wait nearly 30s before getting network going through

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- 
From: "Lay, Rob" <Robert.Lay () Honeywell com>
To: "Mathieu CHATEAU" <gollum123 () free fr>; "Jon R. Kibler" 
<Jon.Kibler () aset com>; <pen-test () securityfocus com>
Sent: Wednesday, March 21, 2007 4:32 PM
Subject: RE: Locating switches in a multi-layer switching environment


Hi

This would work in some cases but a lot of switch deployments now
configure user ports to shutdown if they receive spanning tree BPDUs (In
Cisco switches the feature is called BPDU Guard which is enabled by
default if the port is set for portfast) and so your activity would
become "Noisy" very quickly.

Switch spoofing is something which most major switch manufacturers
(Cisco, Juniper etc) are now aware of and as such features similar to
the above are becoming a) more common, and b) starting to be turned on
by default.

You may have more luck with Trunking, although again features such as
portfast will not allow trunk negotiation.

HTH

Rob

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mathieu CHATEAU
Sent: 18 March 2007 09:20
To: Jon R. Kibler; pen-test () securityfocus com
Subject: Re: Locating switches in a multi-layer switching environment

hello,

you might use open source tool to behave as a switch with your pc.
You can then try to access other vlan (trunking) or be in the spanning
tree
(which is the root one?)

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- 
From: "Jon R. Kibler" <Jon.Kibler () aset com>
To: <pen-test () securityfocus com>
Sent: Sunday, March 18, 2007 2:46 AM
Subject: Locating switches in a multi-layer switching environment


> Hi,
>
> A network recon question: When pen testing an environment that deploys

> multi-layer switching, how can one reliably map the network and the
> relative location of all of the switches?
>
> Add to this VLANS... How can you map VLANs that are on the network,
> especially if your access is but on one VLAN, and that VLAN is
different
> than the switch management VLAN?
>
> Thoughts, tools, tricks, white papers, etc. appreciated.
>
> THANKS!
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> (843) 849-8214
------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
>
------------------------------------------------------------------------
>


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------