[8199] in bugtraq
False security in switches and a little more Rconsole.
daemon@ATHENA.MIT.EDU (Chris Zagar)
Tue Oct 13 16:46:14 1998
Date: Mon, 12 Oct 1998 21:25:44 -0700
Reply-To: Chris Zagar <zagar@GCINFO.GC.MARICOPA.EDU>
From: Chris Zagar <zagar@GCINFO.GC.MARICOPA.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSI.3.96.981009143537.412A-100000@usr10.primenet.com>
> Ok, heres a very simple solution: Buy a switch.
Actually, switches do help, but they also run the risk of people actually
believing that their switched connections are private, lulling you into a
false sense of security.
Most switches have some facility to allow you to monitor another port, the
traffic of an entire VLAN, or even all traffic in the switch. If your
switch is compromised, someone could listen in on your workstation
conversations, which you thought were private. The monitoring could
happen when the compromised switch is directed to pass all packets to
a compromised system. Yes, both a system on the switch and the switch
itself have to be compromised, but there are plenty of compromises about
for workstations that making this rather doable once you can compromise
the switch.
The other thing is about the Novell's SYS:ETC directory having read and
file scan. When you install Novell's FTP server, this installation adds
just such a trustee to SYS:ETC. If you remove the trustee, then FTP
logging breaks. Of course, the current version of FTP (at least prior to
NW 5) is also known to have copious security problems, so anyone who uses
it should beware.
For more info on this and other bad NetWare security problems, be sure to
visit http://www.nmrc.org and look at the Unofficial Netware Hack FAQ.
Chris
