RE: PPPoE + Switch sniffing

Hi Carlos,
You said that we have seen another Access concentrator-where did you see it
and how could you tell? Switches should make sniffing harder, not
easier-simply because of port to MAC mapping and only directing traffic via
MAC. Does it look like the NIC of the dodgy 'concentrator' and the NIC of
your 'client' are connected to the same switch/segment?
If it has same MAC address then it's some kind of spoofing going unless
there is a mistake.

How did you configure the switches?



-----Original Message-----
From: Carlos de Oliveira [mailto:carlos.oliv@xxxxxxxxx]
Sent: Friday, July 28, 2006 4:38 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: PPPoE + Switch sniffing

Hello friends,

As a manager of my network, I am woried of security. Recently we
changed the HUB's for switch's in hope that we get more securitty.

In a few days ago, we have seeing another Access concentrator in our
network sending PADO's to the clients that wanted to connect.

This access concentrator have the same MAC address of one of my clients.

I would like to know what do you think that could be?
I've searched google for this, but I didn't found any attack baseed on
PPPoE + switch.
Could this other access concentrator be trying to give connection to
some of my clients just to sniff their connection?

Thanks,
Carlos.

--
http://users.urbi.com.br/carlos_oliv

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Detecting multiple hosts behind a single managed switch port
    ... I'm looking for a tool that can query a list of managed switches (both ... would need to filter out ports that are connected to other managed ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence in Information Security. ...
    (Security-Basics)
  • RE: VLANs confusing
    ... VLANs do not encrypt ANYTHING ... ISL and dot1q trunking protocols are used by switches to "route" ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE ... The NSA has designated Norwich University a center of Academic Excellence ...
    (Security-Basics)