[8209] in bugtraq
Re: False security in switches and a little more Rconsole.
daemon@ATHENA.MIT.EDU (Peter Jeremy)
Wed Oct 14 14:43:36 1998
Date: Wed, 14 Oct 1998 07:28:47 +1000
Reply-To: Peter Jeremy <peter.jeremy@AUSS2.ALCATEL.COM.AU>
From: Peter Jeremy <peter.jeremy@AUSS2.ALCATEL.COM.AU>
To: BUGTRAQ@NETSPACE.ORG
Chris Zagar <zagar@GCINFO.GC.MARICOPA.EDU> wrote:
>> Ok, here's a very simple solution: Buy a switch.
>
>Actually, switches do help, but they also run the risk of people actually
>believing that their switched connections are private, lulling you into a
>false sense of security.

[Description of port monitoring facilities deleted]

And quite apart from the documented and intentional port monitoring
facilities, the switch may leak packets.

I have a number of systems attached via switch ports to our backbone
(for traffic purposes). Last year I took some traffic samples from a
machine connected to one brand of switch. I recently repeated the
test with a different brand of switch. In both cases, there were
about 2 packets per second (around 2% of the segment traffic) that
were unicast, and not intended for the machine that received them.

Moral: Don't rely on your switch for security.

Peter
--
Peter Jeremy (VK2PJ) peter.jeremy@alcatel.com.au
Alcatel Australia Limited
41 Mandible St Phone: +61 2 9690 5019
ALEXANDRIA NSW 2015 Fax: +61 2 9690 5247
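The measurement Peter describes (counting unicast frames that arrive on a switch port but are addressed to some other station) is easy to repeat on your own segment. The following is an added example, not code from the original post: it parses raw Ethernet II frames captured by a NIC in promiscuous mode, separates broadcast and multicast from unicast, and reports how many unicast frames were not destined for the monitoring host, both as a percentage of the sample and as a per-second rate over the capture window. The host MAC, the other stations and the frames themselves are constructed for the example; on a real system you would feed it frames from a pcap file or a raw socket.

```python
import struct

# Assumption for the example: the MAC address of the host doing the capture.
OUR_MAC = "00:11:22:33:44:55"

# Constructed third-party stations on the same switch.
OTHER_HOST = "00:aa:bb:cc:dd:01"
THIRD_HOST = "00:aa:bb:cc:dd:02"

BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(raw: bytes) -> str:
    """Render 6 raw bytes as a colon-separated lowercase MAC string."""
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, ethertype: int = 0x0800,
                payload: bytes = b"\x00" * 46) -> bytes:
    """Assemble a minimal Ethernet II frame (used only to construct sample data)."""
    return (bytes.fromhex(dst.replace(":", ""))
            + bytes.fromhex(src.replace(":", ""))
            + struct.pack("!H", ethertype)
            + payload)


def parse_ethernet(frame: bytes):
    """Return (dst, src, ethertype) from the 14-byte Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return mac_str(dst), mac_str(src), ethertype


def classify_dst(dst: str) -> str:
    """Broadcast is all-ones; multicast has the I/G bit (LSB of first octet) set."""
    if dst.lower() == BROADCAST:
        return "broadcast"
    first_octet = int(dst.split(":")[0], 16)
    if first_octet & 0x01:
        return "multicast"
    return "unicast"


def leak_report(frames, our_mac: str, window_seconds: float) -> dict:
    """Count frames by class and flag unicast frames not addressed to our_mac.

    Broadcast and multicast are expected on every port and are not leaks.
    A unicast frame for another station should never reach this port on a
    switch that has learned that station's MAC.
    """
    counts = {"broadcast": 0, "multicast": 0, "unicast_ours": 0, "unicast_leaked": 0}
    leaked = []  # (src, dst, ethertype) of every frame that should not have arrived
    for frame in frames:
        dst, src, ethertype = parse_ethernet(frame)
        kind = classify_dst(dst)
        if kind != "unicast":
            counts[kind] += 1
        elif dst.lower() == our_mac.lower():
            counts["unicast_ours"] += 1
        else:
            counts["unicast_leaked"] += 1
            leaked.append((src, dst, ethertype))
    total = len(frames)
    return {
        **counts,
        "total": total,
        "leak_pct": 100.0 * counts["unicast_leaked"] / total if total else 0.0,
        "leak_per_second": counts["unicast_leaked"] / window_seconds if window_seconds > 0 else 0.0,
        "leaked": leaked,
    }


# Constructed sample capture: 10 frames seen over a 5-second window.
SAMPLE_FRAMES = (
    [build_frame(OUR_MAC, OTHER_HOST) for _ in range(5)]          # normal traffic to us
    + [build_frame(BROADCAST, OTHER_HOST, 0x0806)] * 2            # ARP broadcasts
    + [build_frame("01:00:5e:00:00:01", THIRD_HOST)]              # IP multicast
    + [build_frame(THIRD_HOST, OTHER_HOST) for _ in range(2)]     # unicast for THIRD_HOST: leaked
)
SAMPLE_WINDOW_SECONDS = 5.0


if __name__ == "__main__":
    report = leak_report(SAMPLE_FRAMES, OUR_MAC, SAMPLE_WINDOW_SECONDS)
    for key in ("total", "broadcast", "multicast", "unicast_ours", "unicast_leaked"):
        print(f"{key:15s} {report[key]}")
    print(f"leaked unicast: {report['leak_pct']:.1f}% of sample, "
          f"{report['leak_per_second']:.2f} frames/s")
    for src, dst, ethertype in report["leaked"]:
        print(f"  {src} -> {dst} ethertype 0x{ethertype:04x}")
```

Two caveats when running this for real: the NIC must be in promiscuous mode, since otherwise the hardware filter discards exactly the frames you are trying to count, and a switch legitimately floods unicast frames whose destination MAC it has not yet learned (or has aged out), so a persistent rate to the same, actively transmitting destination is the signal worth investigating rather than a handful of frames after a topology change.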