RE: switch jamming

[Alexander <alex () bsdfreak org>]

Hello,

        Static ARP entries can prevent this if implement on the switch
(and it is a good idea to use them on all the network devices as well).
Also, protocols such as IPSEC can strengthen any protocols tunneled
through it against manipulation or sniffing.

--
Regards,
Alexander
Editor
BSDFreak.org
e: alex () bsdfreak org
w: http://bsdfreak.org/


``Trials and tribulations of BSD users''

On Thu, 31 Jan 2002, Anthony Gruppuso wrote:

> Does anybody know of any switches that can protect against this type of
> attack, or is virtually every switch affected?  I imagine this is "old
> news," so what have vendors done to counteract this type of activity?
>
> -----Original Message-----
> From: Sebastian Jaenicke [mailto:tsa () jaenicke org]
> Sent: Wednesday, January 30, 2002 5:13 PM
> To: vuln-dev () securityfocus com
> Subject: Re: switch jamming
>
>
> Hi,
>
> On Wed, Jan 30, 2002 at 10:05:08PM +0000, Jan wrote:
> [..]
> > how can i sniff upon a switched network segment ? a read some articles
> about "switch jamming" and "port mirroring" but up to know i didn't
> learn anything special at all.
> > ca some of your guys out there help me ? (i'm sure some of you can but
> are you willing, too ?)
> >
>
> This can be achieved by flooding the switch with spoofed ARP packets
> until
> its internal MAC table is filled up - most switches will then revert to
> "hub mode" and therefore broadcast all traffic to the network where it
> can easily be sniffed.
>
> http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm should
> give you some (more accurate?) information.
>
> Sebastian
> --
> Sebastian Jaenicke
> whois pgpkey-18AC0BE4 () whois ripe net|perl -ne's-^certif: +--&&print'
>   "Object-oriented programming is an exceptionally bad idea which
>    could only have originated in California." --Edsger Dijkstra