[geeks] ethernet switch insecurity
Tim H.
lists at pellucidar.net
Sat Jul 20 21:57:35 CDT 2002
On Sat, 20 Jul 2002 11:51:39 -0400 (EDT)
woods at weird.com (Greg A. Woods) wrote:
> You're just not using the right tools -- no Ethernet switch is really
> secure all by its lonesome from sniffing and other worse games, not
> even if you've tried to lock down your MACs on a port-specific basis.
> There are lots of attacks, some of them newly described in recent
> publications. See BUGTRAQ (the list). :-)
umm, obviously not. I'd like to see a sniffer that can sniff packets it
doesn't see. Since the switch is at the ethernet level, and is sorting
traffic by destination mac address, the only way to possible sniff would
be to spoof mac addresses, and that kinda interferes with diagnostics.
I wasn't suggesting a switch was a security device, I was suggesting
that it interferes with diagnostic sniffing. If there is a way to sniff
traffic in another conversation on a dumb switch I would definitely be
interested in hearing about it.
I'm not talking about a switch that can lock down ports, I am talking
about your basic entry level workgroup switch (in my case an SMC EZ
switch 10/100) that has an 8K mac address buffer, and just remembers
which port a specific mac address is on, and sends stuff aimed at that
address out that port. If I plug in a sniffer, I see broadcast traffic,
dhcp queries, stuff like that, I do not see any packets designated for
another port on the switch. If I were to spoof a mac address I might
get half a conversation, but it would be more likely to just break
things.
If there is something basic I am missing here I would like to learn
about it.
Tim
More information about the geeks
mailing list