RE: Locating switches in a multi-layer switching environment

["Jacek Materna" <jmaterna () voipshield com>]

LLDP is trying to be standardized. If you're developing applications, that's the way to go since it encapsulates 
current and future layer2 procs.


Jacek Materna
Development Team Lead
VoIPshield Systems Inc. 
16 Fitzgerald Rd, Suite 250
Ottawa, Ontario K2H 8R6
tel +1 (613) 224-4443 ext. 305
fax +1 (613) 224-3891
cell +1 (613) 878-6980
 
email: jmaterna () voipshield com
SIP: 305 () voipshield com
 
www.voipshield.com
Security for VoIP



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Mathieu CHATEAU
Sent: Wednesday, March 21, 2007 4:20 PM
To: Lay, Rob; Jon R. Kibler; pen-test () securityfocus com
Subject: Re: Locating switches in a multi-layer switching environment

hopefully or not, many switched run very outdated firmware :) and portfast 
is not enabled by default :)

with this it's easy to now if portfast is on... plug the network, without 
portfast you have to wait nearly 30s before getting network going through

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- 
From: "Lay, Rob" <Robert.Lay () Honeywell com>
To: "Mathieu CHATEAU" <gollum123 () free fr>; "Jon R. Kibler" 
<Jon.Kibler () aset com>; <pen-test () securityfocus com>
Sent: Wednesday, March 21, 2007 4:32 PM
Subject: RE: Locating switches in a multi-layer switching environment


Hi

This would work in some cases but a lot of switch deployments now
configure user ports to shutdown if they receive spanning tree BPDUs (In
Cisco switches the feature is called BPDU Guard which is enabled by
default if the port is set for portfast) and so your activity would
become "Noisy" very quickly.

Switch spoofing is something which most major switch manufacturers
(Cisco, Juniper etc) are now aware of and as such features similar to
the above are becoming a) more common, and b) starting to be turned on
by default.

You may have more luck with Trunking, although again features such as
portfast will not allow trunk negotiation.

HTH

Rob

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Mathieu CHATEAU
Sent: 18 March 2007 09:20
To: Jon R. Kibler; pen-test () securityfocus com
Subject: Re: Locating switches in a multi-layer switching environment

hello,

you might use open source tool to behave as a switch with your pc.
You can then try to access other vlan (trunking) or be in the spanning
tree
(which is the root one?)

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- 
From: "Jon R. Kibler" <Jon.Kibler () aset com>
To: <pen-test () securityfocus com>
Sent: Sunday, March 18, 2007 2:46 AM
Subject: Locating switches in a multi-layer switching environment


> Hi,
>
> A network recon question: When pen testing an environment that deploys

> multi-layer switching, how can one reliably map the network and the
> relative location of all of the switches?
>
> Add to this VLANS... How can you map VLANs that are on the network,
> especially if your access is but on one VLAN, and that VLAN is
different
> than the switch management VLAN?
>
> Thoughts, tools, tricks, white papers, etc. appreciated.
>
> THANKS!
> Jon Kibler
> -- 
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> (843) 849-8214
------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
>
------------------------------------------------------------------------
>


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=7016
00000008bOW
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------