On Wed 11/12/2002 at 10:02, Julian Young wrote:
> Some time back, I guess it was last summer, somebody was asking for
> volunteers to test their hubs and switches for security vulnerabilities.
> At the time I think he wanted to put together a who's who of switches
> and hubs.
> Does anyone recognize this, remember any URLs or what happened to the
> project? I was unable to participate at the time but would still like to test
> mine if they have not already been tested.

The project seems to be stalled:

        http://www.alaricsecurity.com/ssp.html

It was an interesting idea, but the only submission is about ARP cache
poisoning, and we all know switches are vulnerable to this, just because
of their design.

> Further, if anyone knows of any testing tools / techniques I would also
> be very interested.

Taranis will be a good start:

        http://www.bitland.net/taranis/

Taranis relies on MAC spoofing to redirect network traffic.

You can also have a look at the dsniff package:

        http://monkey.org/~dugsong/dsniff/

It comes with the macof tool, which performs CAM table flooding. A switch can
fall into repeater mode for some MACs when the CAM table is full.


If you want a complete view of switch attacks, have a look at Sean
Convery's presentation at Black Hat USA 2002, which you can find here:

        http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-02/

You'll find layer 2 attacks such as MAC attacks, ARP attacks, protocol
attacks (CDP, DTP, VTP), VLAN hopping and others.

-- 
Cédric Blancher  <[EMAIL PROTECTED]>
Network and systems security consultant - Cartel Sécurité
Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
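
The "repeater mode" behaviour mentioned in the message can be reproduced in a toy model; the following is an added example, not part of the original message or of any tool it names. The `Switch` class, the table size, the MAC addresses and the per-port MAC limit (the idea behind port-security features) are assumptions made for illustration.

```python
class Switch:
    """Toy learning switch with a bounded CAM table (hypothetical model)."""

    def __init__(self, ports, cam_size, max_macs_per_port=None):
        self.ports = ports
        self.cam_size = cam_size
        self.limit = max_macs_per_port   # None = no per-port limit
        self.cam = {}                    # MAC address -> port
        self.violations = 0              # frames dropped by the per-port limit

    def _learn(self, port, mac):
        if self.cam.get(mac) == port:
            return True
        on_port = sum(1 for p in self.cam.values() if p == port)
        if self.limit is not None and on_port >= self.limit:
            self.violations += 1
            return False                 # too many MACs on this port: drop
        if mac in self.cam or len(self.cam) < self.cam_size:
            self.cam[mac] = port
        return True                      # table full: forwarded, not learned

    def receive(self, in_port, src, dst):
        """Process one frame and return the ports it is sent out of."""
        if not self._learn(in_port, src):
            return []
        out = self.cam.get(dst)
        if out is not None:
            return [] if out == in_port else [out]
        # Unknown destination: flood to every other port, as a repeater would.
        return [p for p in range(self.ports) if p != in_port]


def scenario(max_macs_per_port):
    """Host A on port 0, host B on port 1, a burst of source MACs on port 2."""
    sw = Switch(ports=3, cam_size=8, max_macs_per_port=max_macs_per_port)
    a, b, bcast = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "ff:ff:ff:ff:ff:ff"
    sw.receive(0, a, bcast)                       # A is learned first
    for i in range(100):                          # constructed sample burst
        sw.receive(2, f"02:ff:00:00:00:{i:02x}", bcast)
    sw.receive(1, b, bcast)                       # B comes up after the burst
    return sw.receive(0, a, b), len(sw.cam), sw.violations


if __name__ == "__main__":
    print("no limit :", scenario(None))   # A->B is flooded, port 2 included
    print("limit = 2:", scenario(2))      # A->B reaches port 1 only
```

Without a limit the table fills before B is learned, so unicast traffic to B is flooded to every port; with the limit, the table keeps room for B and the frame leaves on B's port only.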
