Security Basics mailing list archives
RE: switched n/w
From: "Jeff Gercken" <JeffG () kizan com>
Date: Wed, 8 Dec 2004 12:54:55 -0500
Yes this is very possible, actually somewhat trivial with the available software out there. Look at Hunt and Ettercap. You can avoid it by hard coding mac addresses to ports (if you have a managed switch) and creating static arp entries in the hosts. Relying upon any query mechanism leaves you vulnerable. Also there are applications that try and detect such unscrupulous traffic. Look at aprwatch and snort. Lastly, security vs effort/complexity/cost is an exponential curve. You need to find the point where the acceptable risk level and costs are reasonable for your organization. -Jeff -----Original Message----- From: kaushal [mailto:kaushal () rocsys com] Sent: Tuesday, December 07, 2004 1:30 PM To: security-basics () securityfocus com Subject: switched n/w Hi, Iam a bit new to network securities.We have a switched network and to my knowledge a hosts' data cannot be sniffed by other host by runnning tcpdump.But Iam receiving complaints from few users that their data is being changed/manipulated.Is this possible? How can I avoid this at the host level?Does this mean the server has been compromised?Any help or pointer in this aspect would be highly appreciated. thanks in advance. kaushal.
Current thread:
- Re: switched n/w, (continued)
- Re: switched n/w Rino Mardo (Dec 08)
- Message not available
- Re: switched n/w Gautam R. Singh (Dec 08)
- Re: switched n/w M. Shirk (Dec 09)
- Re: switched n/w Gautam R. Singh (Dec 08)
- Re: switched n/w Andreas Putzo (Dec 08)
- Re: switched n/w Alexander Klimov (Dec 08)
- Re: switched n/w Grim (Dec 08)
- Re: switched n/w Jacob Weeks (Dec 08)
- Re: switched n/w q q (Dec 09)
- Re: switched n/w easternerd (Dec 10)
- Re: switched n/w q q (Dec 09)
- Re: switched n/w xyberpix (Dec 09)
- RE: switched n/w Jeff Gercken (Dec 08)
- Re: switched n/w Ivan Coric (Dec 08)
- Re: switched n/w miguel . dilaj (Dec 08)
- Re: switched n/w kaushal (Dec 08)
- Re: switched n/w H Carvey (Dec 08)
- Re: switched n/w Russell Gregg (Dec 08)