[Full-Disclosure] Re: Cain and Abel

From: J. Oquendo (sil_at_infiltrated.net)
Date: 02/03/05

  • Next message: Dan Yefimov: "Re: [Linux kernel ipv6_setsockopt integer overflow]"
    Date: Thu, 3 Feb 2005 17:22:53 -0500 (EST)
    To: Paul Melson <psmelson@comcast.net>
    
    

    On Thu, 3 Feb 2005, Paul Melson wrote:

    > A more manageable defense against ARP poisoning attacks is to configure your
    > switches to prevent against MAC address spoofing. Cisco switches, for
    > example, can statically map the MAC address of the interface connected to a
    > given port (good for servers), as well as limit the number of MAC addresses
    > that can appear on a given port (good for workstations, conference rooms,
    > hotel rooms, etc.).

    802.1q and Cisco PVLAN's will suffice by segmentation to minimize the
    effects of programs like Cain and Abel. However, most people forget that
    at the core level any product be it a switch (layer 2 or 3) or router will
    still have to listen for broadcasts in order to get MAC information to
    delegate traffic. If someone just wanted to sit there and DoS your ARP
    tables to oblivion it wouldn't be hard. VLAN tagging has its insecurities
    as well. You could likely just roast someone's connection if you're on
    their segment as well via spoofing however you're limited to that segment.

    http://infiltrated.net/cisco/pvlans.html
    http://infiltrated.net/cisco/vlan-insecurities.html
    http://infiltrated.net/cisco/vlan-tagging-101.html
    http://infiltrated.net/cisco/vla-tagging.pdf

    =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    J. Oquendo
    GPG Key ID 0x0D99C05C
    http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0D99C05C

    sil @ infiltrated . net http://www.infiltrated.net

    "How a man plays the game shows something of his
    character - how he loses shows all" - Mr. Luckey
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Dan Yefimov: "Re: [Linux kernel ipv6_setsockopt integer overflow]"

    Relevant Pages

    • Re: How can I stop the power button shutting down the machine?
      ... There are those that are smart and competent, and have picked a Mac for technical reasons. ... This group are not going to be confused about two power switches. ... Since Apple are greedy but not stupid, I conclude that rather than the missing power switch being a "feature" to avoid confusing people, it's simply an omission in order to save them money. ...
      (comp.os.linux.misc)
    • Re: Static IP outside of router DHCP range
      ... Unfortunately my 8 clients are little $50 boxes with an Ethernet port and yellow, red, and white outputs for composite NTSC video and stereo audio, but no provisions whatsoever to flash their NVRAM. ... So I have no way to either reserve IP addresses based on Mac addresses, nor do I have a way to set them up as static. ... I still am wondering if my Netgear switches truly have any "memory" of the ports associated with specific IP addresses of the connected clients, as they have no reset or reboot function as far as I know. ...
      (alt.comp.hardware.pc-homebuilt)
    • RE: Caching a sniffer
      ... and I've just seen a new source MAC ... I looked through some old docs on Cisco switches. ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: Static IP outside of router DHCP range
      ... This would avoid the need for DHCP entirely, ... So I have no way to either reserve IP addresses based on Mac addresses, nor do I have a way to set them up as static. ... I still am wondering if my Netgear switches truly have any "memory" of the ports associated with specific IP addresses of the connected clients, as they have no reset or reboot function as far as I know. ...
      (alt.comp.hardware.pc-homebuilt)
    • Re: ROGUE APs at Work - How to locate them?!
      ... If you have the MAC address and you have ethernet switches that are smart ... MAC address, then you lookup that MAc address on the switches until you find ... the hardware port. ... network card in the PC could unplug the computer, ...
      (alt.internet.wireless)