Vulnerability Development mailing list archives
Re: switch jamming
From: ALoR <Alor () iol it>
Date: Thu, 31 Jan 2002 17:56:56 +0100
At 08.15 31-01-2002, you wrote:
The Cisco switches at least can be secured against this, if you can live with the inconvenience. If you have one machine per port, you can configure the switch to learn the first MAC address it sees, and then not accept frames from any other address. This means that you can't move machines around or changes NICs without the switch admin resetting the MAC address for the affected ports. It also means that you can't chain multiple machines off of any ports configured that way, say via a hub.
this protection is useless if you use Arp poisoning without spoofing your mac address. since the targets are the arp cache of the victims and not the switch itself, the port security feature can't block "fake arp replies" with "legal" mac address. then, when the cache are poisoned, all the packets have the right source mac address and the switch is happy about it ;)
bye bye --==> ALoR <==---------------------- - - - ettercap project : http://ettercap.sourceforge.net e-mail: alor (at) users (dot) sourceforge (dot) net
Current thread:
- RE: DoS against DHCP, (continued)
- RE: DoS against DHCP John Stauffacher (Jan 30)
- Re: DoS against DHCP Russell Handorf (Jan 30)
- Re: DoS against DHCP Craig Van Tassle (Jan 30)
- Re: DoS against DHCP Felix Lindner (Jan 31)
- Re: switch jamming Blue Boar (Jan 30)
- RE: switch jamming Ed Moyle (Jan 30)
- Re: switch jamming sean whalen (Jan 30)
- RE: switch jamming Henniges, Matthew (ISS) (Jan 30)
- RE: switch jamming Anthony Gruppuso (Jan 31)
- Re: switch jamming Blue Boar (Jan 31)
- Re: switch jamming ALoR (Jan 31)
- RE: switch jamming Alexander (Jan 31)
- Re: switch jamming Blue Boar (Jan 31)
- RE: switch jamming Toni Heinonen (Jan 31)
- Re: switch jamming blast (Jan 31)
- RE: switch jamming blast (Jan 31)
- RE: switch jamming Richard Corley (Jan 31)