RE: switch jamming

From: Alexander (alex@bsdfreak.org)
Date: 01/31/02 

Date: Thu, 31 Jan 2002 11:25:22 -0500 (EST)
From: Alexander <alex@bsdfreak.org>
To: Anthony Gruppuso <AGruppus@jcals.army.mil>

Hello,

        Static ARP entries can prevent this if implement on the switch
(and it is a good idea to use them on all the network devices as well).
Also, protocols such as IPSEC can strengthen any protocols tunneled
through it against manipulation or sniffing. 

--
Regards,
Alexander
Editor
BSDFreak.org
e: alex@bsdfreak.org
w: http://bsdfreak.org/

``Trials and tribulations of BSD users''

On Thu, 31 Jan 2002, Anthony Gruppuso wrote:

> Does anybody know of any switches that can protect against this type of
> attack, or is virtually every switch affected?  I imagine this is "old
> news," so what have vendors done to counteract this type of activity?
>
> -----Original Message-----
> From: Sebastian Jaenicke [mailto:tsa@jaenicke.org]
> Sent: Wednesday, January 30, 2002 5:13 PM
> To: vuln-dev@securityfocus.com
> Subject: Re: switch jamming
>
>
> Hi,
>
> On Wed, Jan 30, 2002 at 10:05:08PM +0000, Jan wrote:
> [..]
> > how can i sniff upon a switched network segment ? a read some articles
> about "switch jamming" and "port mirroring" but up to know i didn't
> learn anything special at all.
> > ca some of your guys out there help me ? (i'm sure some of you can but
> are you willing, too ?)
> >
>
> This can be achieved by flooding the switch with spoofed ARP packets
> until
> its internal MAC table is filled up - most switches will then revert to
> "hub mode" and therefore broadcast all traffic to the network where it
> can easily be sniffed.
>
> http://www.sans.org/newlook/resources/IDFAQ/switched_network.htm should
> give you some (more accurate?) information.
>
> Sebastian
> --
> Sebastian Jaenicke
> whois pgpkey-18AC0BE4@whois.ripe.net|perl -ne's-^certif: +--&&print'
>   "Object-oriented programming is an exceptionally bad idea which
>    could only have originated in California." --Edsger Dijkstra
>

Relevant Pages

  • RE: IP address conflicts
    ... If you get a network vendor like Network Hardware Resale ... >> It's amazing how money will appear out of thin air if certain oxen get ... the switch you are suggesting I cannibalise uses the EtherToken ... When dealing with a bureaucracy I have found the most effective method is ...
    (freebsd-questions)
  • Re: ConnectComputer Problem
    ... I'm a little confused by your network configuration. ... Switch2 --- SBS Server ... switch has internet access all the time, the second switch has the client ... NICs ...
    (microsoft.public.windows.server.sbs)
  • Re: LAN ip subnet is moving off from a bigger enterprise
    ... The host company runs Cisco ... Connect your switch to this ... At the CBO the network is 10.23.1.x and the gateway ... WS1 WS3 SBS HP4000 ...
    (microsoft.public.windows.server.sbs)
  • Re: Help with long term network problem
    ... Using a CNET network switch connected to a CNet Wireless G router Model ... Having the chart listing all of the computers is a great start. ... /all" shows only an Intel 2200BG WiFi connection - no Ethernet is apparent. ...
    (microsoft.public.windowsxp.network_web)
  • Re: Ethernet network wiring ?s
    ... >> the planned network is designed correctly and for my own education on ... >> find I that I have a hub in my office that I used at some point in the ... > A switch is an active device. ... > the ports that have the ethernet address the message is intended ...
    (comp.sys.mac.hardware.misc)