RE: MiM Simultaneous close attack

["Dom De Vitto" <Dom () DeVitto com>]

That's exactly it.

Also some switches (cats?) just plain to into "hub mode" when supervisor
usage goes over
70%.  Reason: It's better that we loose switching than management ability
and (possibly?)
VLAN definitions.  Both of which are done on the supervisor.

Dom

-----Original Message-----
From: Mauro Flores [mailto:almauri () cs com uy]
Sent: 21 August 2001 19:32
To: vuln-dev () securityfocus com
Subject: Re: MiM Simultaneous close attack


Robert Freeman wrote:

> I don't think you can get exactly what you want Paul. About the switched
> networks in general, you could:
>
> 1) Spoof an existing MAC (not reliable)
> 2) Flood your switch with MAC announcements (may become a nice hub!)
> 3) Sniff the initial ARP broadcast and reply (hassle for all packets)
>
> regards,
> Robert
>
> btw, a MiM DoS? ...geez.


Hi!!
Can enyone explain me (or point me an URL) why if i flood the switch MAC
table it would became a hub??
The only case i can undestand that the switch became a hub is if i can
fill the switch Mac table with faked Macs... otherwise the switch will
still work as a switch...
am i wrong on this??
Thanks!

see arround, Mauro Flores