[8208] in bugtraq
Re: False security in switches and a little more Rconsole.
daemon@ATHENA.MIT.EDU (Mark Boolootian)
Wed Oct 14 14:43:33 1998
Date: Tue, 13 Oct 1998 15:27:24 -0700
Reply-To: Mark Boolootian <booloo@CATS.UCSC.EDU>
From: Mark Boolootian <booloo@CATS.UCSC.EDU>
X-To: zagar@GCINFO.GC.MARICOPA.EDU
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.OSF.4.03.9810122112070.6019-100000@gcinfo.gc.maricopa.edu>
from "Chris Zagar" at Oct 12, 98 09:25:44 pm
>Most switches have some facility to allow you to monitor another port, the
>traffic of an entire VLAN, or even all traffic in the switch. If your
>switch is compromised, someone could listen in on your workstation
>conversations, which you thought were private.
A much more straightforward attack against switches involves a machine
which can alter its ethernet address and which is directly attached to
a switch. The machine generates a stream of packets, each coming from a
unique ethernet address. Once the switch's forwarding table has filled,
the switch will flood all subsequent traffic out all ports (excluding ports
that have been configured specifically not to flood). At this point, the
switch, in effect, resembles a repeater. Switches often offer mechanisms
to limit the number of MAC addresses on a per port basis, but most folks
don't bother with such configurations.
mb
