Jim Eckford wrote:
>
> Be aware that even 'dumb' switches can be attacked. The usual method is to feed
> them with spoofed MAC addresses until the address table overflows,
Humm. Just out of curiosity, if the switch is on a screened subnet, how
do you spoof MAC addresses though it? Or are you assuming that one of
the connected systems has been compromised and has all the tools
required to perform the attack?
> which, with
> some switches, causes it to go in to flooding mode. In other words, it becomes a
> simple hub from which all traffic can be captured.
So worst case you are in the same boat as if you had purchased a hub in
the first place?
> A managed switch would at
> least be able to warn you by SNMP trap that the table was full.
Except now the attacker has a target IP address to go after. Given your
above example where "flooding" may cause all packets to be forwarded, it
would be pretty inessential to grab the SNMP community names off of the
wire (sure SNMPv2 is encrypted, but it can still be cracked). If the
switch allows you to set a port for monitoring, your whole subnet can be
sniffed.
Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
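The thread describes the defender's view of a MAC-table overflow: a burst of many distinct source MACs on one port, after which some switches fail open into hub-like flooding. As an added example (not from this thread or its posters), here is a small Python detector that reads MAC-learning events, keeps a sliding window per port, and alerts when the number of distinct MACs seen on a single port exceeds a threshold. The log line format and the sample log are constructed for this example; real switches log MAC learning in their own syslog formats, so `parse_line` is the part you would adapt. The threshold and window are assumptions, not values from the thread; the same idea is what a switch's port-security limit on MACs per port enforces in hardware.

```python
"""Detect MAC-table flooding from per-port MAC learning events (added example)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format for this example; not any vendor's real syslog format.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) MAC-LEARN "
    r"port=(?P<port>\S+) mac=(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})$"
)


def _build_sample_log():
    """Constructed sample: normal learning on Gi0/1 and Gi0/2, then a burst of
    60 distinct source MACs on Gi0/3 within a few seconds."""
    lines = [
        "2024-01-01T10:00:00 MAC-LEARN port=Gi0/1 mac=00:11:22:33:44:01",
        "2024-01-01T10:00:01 MAC-LEARN port=Gi0/2 mac=00:11:22:33:44:02",
        "2024-01-01T10:00:02 MAC-LEARN port=Gi0/1 mac=00:11:22:33:44:03",
    ]
    base = datetime(2024, 1, 1, 10, 0, 5)
    for i in range(60):
        ts = (base + timedelta(milliseconds=100 * i)).strftime("%Y-%m-%dT%H:%M:%S")
        lines.append(
            f"{ts} MAC-LEARN port=Gi0/3 mac=02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"
        )
    # A later re-learn of an already known MAC is not suspicious.
    lines.append("2024-01-01T10:00:20 MAC-LEARN port=Gi0/2 mac=00:11:22:33:44:02")
    return lines


SAMPLE_LOG = _build_sample_log()


def parse_line(line):
    """Return (timestamp, port, mac) for a MAC-LEARN line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), m["port"], m["mac"]


def detect_flooding(lines, max_macs_per_port=20, window=timedelta(seconds=10)):
    """Sliding-window check: for each port, count distinct source MACs learned
    within `window`; the first time a port exceeds `max_macs_per_port`, record
    (timestamp, distinct_count). Returns {port: (timestamp, distinct_count)}.

    The threshold and window are assumptions for this example; tune them to
    how many hosts legitimately sit behind each port (usually one, or a few
    for an uplink to another switch)."""
    recent = defaultdict(list)  # port -> [(ts, mac), ...] still inside the window
    alerts = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # ignore lines that are not MAC learning events
        ts, port, mac = parsed
        cutoff = ts - window
        events = [(t, a) for (t, a) in recent[port] if t >= cutoff]
        events.append((ts, mac))
        recent[port] = events
        distinct = {a for _, a in events}
        if len(distinct) > max_macs_per_port and port not in alerts:
            alerts[port] = (ts, len(distinct))
    return alerts


if __name__ == "__main__":
    for port, (when, count) in detect_flooding(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} port {port}: {count} distinct MACs in window")
```

On the constructed sample the only alert is on Gi0/3, raised at the 21st distinct MAC; Gi0/1 and Gi0/2 never exceed the limit. Whether a given switch floods or drops new learns once its table is full is model-specific, which is exactly why an alert on abnormal learning rate is worth having regardless of the switch's behaviour.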