Vulnerability Development mailing list archives
Re: Cisco Catalyst switches
From: Saso () VSECUREIT NET (Saso)
Date: Wed, 14 Jun 2000 01:00:40 +1000
In message <3BE20D737CCE4C4589F5D72274652F200D67E1 () nacsvr05 nac cwo net au>, Matthew King writes:
> Hi.
Hi,
> It would be interesting if there was a vulnerability that allowed you to break the VLAN definitions.. I know many companies that practically run their entire networks together into several Catalysts via VLANS :) Secure networks and public ones right next to each other.
And all those switches are conveniently joined together and share some VLANs, so that people don't have to worry about getting longer UTP cables. Been there, seen that. Cisco still doesn't QA their Catalyst switches as security devices, and that should ring a bell with most clueful IT personnel. However, the sad truth is that most abuse the VLAN capability as a security feature. Sometimes, under heavier loads, VLANs can (and do) leak packets.
> I thought that based on the nature of VLANS that they would not be susceptible to attack from the network layer because they switch traffic based on the port number, not on any content of the frame or packet? Still, it would be interesting :)
Switches switch packets depending on the MAC addresses certain ports are assigned, but not all network admins go to the length of locking MAC addresses to certain ports, leaving their switches susceptible to ARP packet storms. And once a switch's ARP table is filled, most tend to fail open, flooding all the ports with all the traffic that traverses the switch. Also, Ryan Russell wrote a short e-mail concerning Cisco's Catalyst switches back in 1998 <http://www.nfr.net/firewall-wizards/mail-archive/1998/Nov/0036.html>. IMHO, as much as I avoid using a switch as a security device, I still believe that, _properly configured_, it can be reasonably secured against most script kiddies. But it won't stop the determined attacker who possesses enough skills, clue and resources to break through VLANs and get the information they want. YMMV.

Regards,
Saso
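The fail-open behaviour Saso describes (a forwarding table filled with bogus source addresses until the switch floods every port) leaves a simple footprint: one access port suddenly "owns" hundreds of dynamically learned MAC addresses. The script below is an added example, not code from the thread or from Cisco; it parses a MAC-table dump whose column layout is assumed to resemble a Cisco `show mac address-table` listing (the sample lines are constructed), counts dynamic MACs per port, and flags ports that exceed what an access port should ever learn. Uplinks and trunks legitimately carry many addresses, so they are passed in as a trusted set rather than triggering alerts.

```python
"""Spot MAC-table exhaustion symptoms in a switch forwarding-table dump.

Added example, not part of the original mailing-list thread. The input
layout (Vlan / Mac Address / Type / Ports) is an assumption modelled on a
Cisco-style listing; the sample below is constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample: three normal access ports with one host each, plus
# one port (Fa0/7) that has learned 300 distinct source MACs, which is the
# signature of a table-flooding attempt rather than of a real host.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
  20    00aa.bbcc.dd01    DYNAMIC     Fa0/3
""" + "".join(
    f"  10    {i:04x}.{(i * 7) % 0x10000:04x}.{(i * 13) % 0x10000:04x}    DYNAMIC     Fa0/7\n"
    for i in range(300)
)

# One table row: VLAN id, dotted-quad-style MAC (xxxx.xxxx.xxxx), entry type, port.
LINE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return (vlan, mac, type, port) tuples; header/separator lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            vlan, mac, entry_type, port = match.groups()
            entries.append((int(vlan), mac.lower(), entry_type.upper(), port))
    return entries


def dynamic_macs_per_port(entries):
    """Count distinct dynamically learned MACs per port (static entries ignored)."""
    seen = defaultdict(set)
    for _vlan, mac, entry_type, port in entries:
        if entry_type == "DYNAMIC":
            seen[port].add(mac)
    return {port: len(macs) for port, macs in seen.items()}


def flag_flooding_ports(entries, max_macs_per_access_port=2, trusted_ports=()):
    """Ports learning more dynamic MACs than an access port should see.

    trusted_ports: uplinks/trunks that legitimately carry many addresses and
    are therefore excluded (an assumed operator-supplied allow-list).
    """
    counts = dynamic_macs_per_port(entries)
    return sorted(
        port
        for port, count in counts.items()
        if port not in trusted_ports and count > max_macs_per_access_port
    )


def table_utilisation(entries, table_capacity):
    """Fraction of an assumed forwarding-table capacity currently in use.

    A value approaching 1.0 means the switch is close to the point where
    new addresses can no longer be learned and it starts flooding.
    """
    distinct = {(vlan, mac) for vlan, mac, _t, _p in entries}
    return len(distinct) / table_capacity


if __name__ == "__main__":
    rows = parse_mac_table(SAMPLE_TABLE)
    print("dynamic MACs per port:", dynamic_macs_per_port(rows))
    print("suspicious ports:", flag_flooding_ports(rows))
    # 8192 is a placeholder capacity, not a figure for any specific model.
    print("table utilisation: %.2f" % table_utilisation(rows, 8192))
```

Run against a periodic dump of the real table (or a SNMP walk of the bridge MIB) and alert when `flag_flooding_ports` returns anything; the same per-port limit is what port-security enforcement on the switch itself would implement, which is the mitigation Saso alludes to when he mentions locking MAC addresses to ports.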