Re: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618

From: Justin Pryzby (justinpryzby_at_users.sf.net)
Date: 06/26/03

    Date: Thu, 26 Jun 2003 09:01:15 -0700
    To: David Wallraff <wall0448@ece.umn.edu>, security-basics@securityfocus.com
    
    

    In the hierarchy of network devices, a repeater is the stupidest. A hub
    is a multiport repeater. What goes in one port goes out all of the
    others. A *switch* otoh, actually looks at its input. At, methinks,
    OSI-2, there is a hardware address. A switch looks at that address. It
    keeps a list of what hardware addresses may be found at what port.

    Hosts usually send some information when they first come online,
    populating the list thusly (dhcp, for example). After a certain amount
    of time of not hearing from a host, that host gets dropped from the list. A
    switch will send an input packet for which it does not know the port of
    the hardware address to all ports (and probably *find* the port of that
    hw address, assuming that computer is alive and responds).

    I understand that it is possible to overwhelm a switch such that it
    reduces to a hub, and everyone can listen to everyone else. I *think*
    this is done by spewing out (spoofed) packets with so many different hw
    addresses that the address table is totally bogus. Then no valid input
    packets do anything but get "broadcasted" to all ports. Someone correct
    me if I'm wrong.

    Does that answer your question?

    Justin

    On Thu, Jun 26, 2003 at 06:37:03PM +0000, David Wallraff wrote:
    >
    > why is it harder to sniff over a switched network? i understand it's
    > because of the switch (natch), but what makes it more difficult?
    > dave
    >
    >
    >
    > On Wed, 25 Jun 2003, Meidinger Christopher wrote:
    >
    > > Hello Hilal,
    > >
    > > Yes, there are many tools that will do that. dsniff, ettercap, ethereal and
    > > MANY others will read your password as it goes by on the wire. It is
    > > slightly more difficult on a switched network, but it can still be done.
    > >
    > > You should not use telnet at all, use ssh (www.openssh.org) instead. The
    > > windows client PuTTY is the most common choice to connect over ssh from
    > > windows. As far as starting an ssh server on the firewall, you should be
    > > able to do that in the same way that you started the telnet server.
    > >
    > > If you need more exact help, post to the list what type of firewall you are
    > > using, and i am certain someone will help you get started.
    > >
    > > (Disclaimer: based on your question, you should [IMHO] definitely read up a
    > > bit on security before configuring a firewall)
    > >
    > > badenIT GmbH
    > > System Support
    > >
    > > Chris Meidinger
    > > Tullastrasse 70
    > > 79108 Freiburg
    > >
    > >
    > > -----Original Message-----
    > > From: Hilal Hussein [mailto:hilalma@hotmail.com]
    > > Sent: Tuesday, June 24, 2003 10:08 AM
    > > To: bugtraq@planetcobalt.net; security-basics@securityfocus.com
    > > Subject: Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618
    > >
    > >
    > >
    > >
    > > Hello All,
    > >
    > > i am not sure if i am asking the right question within the same subject, but
    > > i am configuring the firewall through the telnet connecting / from winxp
    > > workstation.
    > >
    > > Is there any possibility for any internal user to use any tools that will
    > > hijack my telnet password - password for the firewall too!, and what are
    > > the measurements for securing the telnet session.
    > >
    > > with regards,
    > > Hilal Hussein
    > >
    > >
    > >
    > > ---------------------------------------------------------------------------
    > > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > > while InStat has confirmed Neoteris as the leader in marketshare.
    > >
    > > Find out why, and see how you can get plug-n-play secure remote access in
    > > about an hour, with no client, server changes, or ongoing maintenance.
    > >
    > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > > ----------------------------------------------------------------------------
    > >
    > >
    >
    >

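The learning, aging and flood-on-unknown behaviour described in the message above, together with the full-table case it raises, as a small simulation added here (not part of the original thread). The table size, aging time, addresses and the per-port address limit used as a countermeasure are constructed assumptions, and the model assumes a full table simply stops learning new addresses.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class LearningSwitch:
    ports: tuple
    capacity: int                 # address-table size (constructed value)
    max_age: float = 300.0        # idle seconds before an entry is dropped
    port_limit: int = 0           # max learned addresses per port, 0 = unlimited
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)
    unknown_floods: int = 0       # unicast frames flooded: a detection signal
    violations: int = 0           # frames dropped by the per-port limit

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the set of ports it is sent out of."""
        # Aging: forget hosts not heard from within max_age.
        self.table = {m: (p, t) for m, (p, t) in self.table.items()
                      if now - t <= self.max_age}
        if src not in self.table:
            on_port = sum(1 for p, _ in self.table.values() if p == in_port)
            if self.port_limit and on_port >= self.port_limit:
                self.violations += 1          # countermeasure: drop the frame
                return set()
            if len(self.table) < self.capacity:
                self.table[src] = (in_port, now)   # learn; a full table cannot
        else:
            self.table[src] = (in_port, now)       # refresh a known host
        others = set(self.ports) - {in_port}
        if dst == BROADCAST:
            return others
        if dst in self.table:
            return {self.table[dst][0]} - {in_port}
        self.unknown_floods += 1                   # hub-like behaviour
        return others

def simulate(port_limit=0):
    """Port 3 emits 20 distinct source addresses, then A (port 1) talks to B (port 2)."""
    sw = LearningSwitch(ports=(1, 2, 3), capacity=8, port_limit=port_limit)
    for i in range(20):                            # constructed addresses
        sw.receive(3, f"02:00:00:00:00:{i:02x}", BROADCAST, now=i * 0.01)
    a, b = "02:aa:00:00:00:01", "02:bb:00:00:00:02"
    sw.receive(1, a, b, now=1.0)
    sw.receive(2, b, a, now=1.1)
    return sw.receive(1, a, b, now=1.2), sw

if __name__ == "__main__":
    for limit in (0, 2):
        out, sw = simulate(limit)
        print(f"limit={limit}: A->B leaves on {sorted(out)}, "
              f"floods={sw.unknown_floods}, violations={sw.violations}")
```

With no limit the A-to-B frame leaves on every other port, including the third host's; with a limit of two addresses per port the table keeps room for A and B and the frame leaves only on B's port. A rising `unknown_floods` or `violations` count is the kind of counter worth alerting on.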

