Security Basics mailing list archives
Re: AW: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618
From: "Craig Janssen" <cjanssen () mail millikin edu>
Date: Thu, 26 Jun 2003 16:41:58 -0500
> I understand that it is possible to overwhelm a switch such that it
> reduces to a hub, and everyone can listen to everyone else. I *think*
> this is done by spewing out (spoofed) packets with so many different hw
> addresses that the address table is totally bogus. Then no valid input
> packets do anything but get "broadcasted" to all ports. Someone correct
> me if I'm wrong.

That is definitely possible. Cisco Catalyst switches and a few other brands used to be susceptible to "christmas tree attacks", where you basically would send the switch TCP packets with incorrect TCP flags set (i.e., SYN, FIN, ACK, etc), and it would often overload the switch and set it to a fail-open state, where it basically turns into a big repeating hub.

The other way to do this is to overload the MAC table in the switch's memory by sending mass ARP replies, where it would error out and again fail open. Every packet entering the switch would then be forwarded on every interface, making packet sniffing much easier on remote segments.

Hopefully you'd see a degradation in network performance when this happens and be able to reboot the switch before things got any worse.

Craig
______________________________
Craig Janssen, MCP, A+
Network and Internet Services Manager
Millikin University
Information Technology Dept
(217) 362-6488
cjanssen () mail millikin edu
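A monitoring-side sketch of the symptom discussed in the message above, added here as an example and not part of the original post: it flags any switch port on which an unusually large number of distinct source MAC addresses appears within a short window. The event format, the thresholds and the function names are assumptions made for this illustration, and the sample events are constructed.

```python
from collections import defaultdict, deque


def sample_events():
    """Constructed sample data: (seconds, switch port, source MAC) tuples,
    as a switch or sensor might report newly seen source addresses."""
    events = [(0.0, "Fa0/1", "00:11:22:33:44:55"),
              (0.5, "Fa0/2", "00:11:22:33:44:66")]
    # Port Fa0/3 shows 200 different source MACs within two seconds.
    for i in range(200):
        mac = "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF)
        events.append((1.0 + i * 0.01, "Fa0/3", mac))
    events.append((4.0, "Fa0/1", "00:11:22:33:44:55"))
    return events


def flooding_ports(events, window=5.0, max_macs=20):
    """Return {port: peak distinct-MAC count} for every port that shows more
    than max_macs distinct source MACs inside a sliding time window.
    window and max_macs are hypothetical defaults; tune them per network."""
    recent = defaultdict(deque)                     # port -> (time, mac) in window
    counts = defaultdict(lambda: defaultdict(int))  # port -> mac -> sightings
    flagged = {}
    for ts, port, mac in sorted(events):
        queue, seen = recent[port], counts[port]
        queue.append((ts, mac))
        seen[mac] += 1
        # Expire sightings that have fallen out of the window.
        while queue and queue[0][0] < ts - window:
            _, old_mac = queue.popleft()
            seen[old_mac] -= 1
            if seen[old_mac] == 0:
                del seen[old_mac]
        if len(seen) > max_macs:
            flagged[port] = max(flagged.get(port, 0), len(seen))
    return flagged


if __name__ == "__main__":
    for port, peak in flooding_ports(sample_events()).items():
        print("possible MAC table flood on %s: %d distinct MACs" % (port, peak))
```

On managed switches the same idea is usually enforced directly by a per-port limit on learned MAC addresses (port security), which stops the table from filling in the first place.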