-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Andrew Thomas [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 24, 2000 4:15 AM
>
> Also some switches, when flooded with spoofed ARP/RARP will fail-open,
> and start operating like a hub - i.e. broadcasting all traffic to all
> ports.
Which can be done easily on some switches with a special cable. This
discussion came up on another mailing list; here is the cable I use:
- --->8---
LAN       Sniffer
1 -----\    /-- 1
2 ---\ |    \-- 2
3 ---+-*------- 3
4 -  |        - 4
5 -  |        - 5
6 ---*--------- 6
7 -           - 7
8 -           - 8
Basically, 1 and 2 on the sniffer side are connected, 3 and 6
straight through to the LAN. 1 and 2 on the LAN side connect to 3 and
6 respectively. This fakes a link on both ends but only allows
traffic from the LAN to the sniffer. My NIC is a 3Com 10/100 PCCard,
your mileage may vary.
- ---8<---
This cable allows the sniffer to sniff packets, but no data is leaked
back into the LAN. The loopback on the LAN side causes the switch to
receive all packets it sends out. That triggers some switches into
behaving like a hub. Use at your own risk.
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.
iQA/AwUBOfXi8ERKym0LjhFcEQKD8wCgrlMfdhz0echkOZUtWrBbHHr53HEAoIKa
Q5W8ApljTc9Z+wa+YlG3V3ce
=ajq5
-----END PGP SIGNATURE-----