RE: how to flood the mac address table of a switch?

From: dave kleiman (dave_at_isecureu.com)
Date: 12/02/03

  • Next message: Marcos E. Rodriguez: "Re: Vulnerability Assessment Checklists?"
    To: 'Hans Müller' <ndof@gmx.li>, <security-basics@securityfocus.com>
    Date: Mon, 1 Dec 2003 19:36:39 -0500
    
    

    I would have to say ettercap would be the easiest to use to accomplish this,
    it is free, and works in most OS's.

    http://sourceforge.net/projects/ettercap/

    Pick your NIC, pick IP scan go, go to plugins and pick flood the LAN with
    random MAC addresses

     
    _______________________________
    Dave Kleiman, CISSP, MCSE, CIFI
    dave@isecureu.com
    www.SecurityBreachResponse.com

    "High achievement always takes place in the framework of high expectation."
    Jack Kinder

     

    -----Original Message-----
    From: Hans Müller [mailto:ndof@gmx.li]
    Sent: Monday, December 01, 2003 12:17
    To: security-basics@securityfocus.com
    Subject: how to flood the mac address table of a switch?

    How can flood the mac address table of a switch, to see that the security
    function of my switch work?

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Marcos E. Rodriguez: "Re: Vulnerability Assessment Checklists?"

    Relevant Pages

    • RE: Caching a sniffer
      ... You've confused routine learning of source MAC addresses with the ... flood temporarily rather than be dropped. ... > If the system fires up on the afflicted switch. ...
      (Security-Basics)
    • Re: Which switches are/arent prone to MAC flooding attacks?
      ... > Just what do you want the switch to do when the mac table is full? ... > of a mac flood causing the switch to act like a hub or halt valid ... If this condition persists, it indicates that something ...
      (comp.security.misc)
    • Re: Which switches are/arent prone to MAC flooding attacks?
      ... overload a switch in some way that causes it to flood *everything*. ... Perhaps this is done by spoofing lots of different source MAC addresses, ... valid MAC addresses would start to displace the bogus ones. ...
      (comp.security.misc)
    • RE: how to flood the mac address table of a switch?
      ... Ignore this response I glanced over the word 'flood' and responded to 'list' ... how to flood the mac address table of a switch? ... Are you refering to the arp table? ...
      (Security-Basics)
    • Re: Network scanning
      ... > level before the switch will enable that port... ... > new MAC and disable the port. ... >> informieren Sie bitte sofort den Absender und vernichten ... Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich ...
      (Security-Basics)