[26204] in bugtraq
Re: Sniffable Switch Project
daemon@ATHENA.MIT.EDU (martin f krafft)
Wed Jul 17 12:03:10 2002
Date: Wed, 17 Jul 2002 12:37:40 +0200
From: martin f krafft <madduck@madduck.net>
To: bugtraq@securityfocus.com
Message-ID: <20020717103740.GA20352@fishbowl.madduck.net>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="EeQfGwPcQSOJBaQU"
Content-Disposition: inline
In-Reply-To: <1026844737.4003.20.camel@elendil>
--EeQfGwPcQSOJBaQU
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
also sprach Cedric Blancher <blancher@cartel-securite.fr> [2002.07.16.2038 =
+0200]:
> All switches are "sniffable" if you use ARP cache poisoning tools such
> as arpspoof from dsniff package or arp-sk.
Wrong. More expensive switches by Cisco, HP, or others employ various
techniques against ARP cache poisoning. These range from port locking
when the MAC table changes (not applicable to a dynamic environment)
up to adaptive cache cleaning methods that prevent the cache from ever
filling up. And any switch above the $50 price range will employ
a hashmap for the ARP cache rather than a table-per-port approach.
--=20
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
=20
"the human brain is like an enormous fish --
it is flat and slimy
and has gills through which it can see."
-- monty python
--EeQfGwPcQSOJBaQU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj01SPQACgkQIgvIgzMMSnVz3gCfbDePeJma9iPPQxgIAkKK3AXQ
N5gAoJx0uyUkY4B5WvWq5FwCU4gfrGWN
=FuA8
-----END PGP SIGNATURE-----
--EeQfGwPcQSOJBaQU--
