Penetration Testing mailing list archives
Re: Testing Hubs and Switches
From: Cedric Blancher <blancher () cartel-securite fr>
Date: 11 Dec 2002 17:36:39 +0100
Le mer 11/12/2002 à 10:02, Julian Young a écrit :
Some time back, i guess it was last summer, somebody was asking for volunteers to test their hubs and switches for security venerabilities. as the time i think he wanted to put together a who's who of switches and hubs. Does any one recognize this , remember any urls or what happened to the project. I was unable to participate at the time but still like to test mine if they have not already been tested
Project seem to be stalled : http://www.alaricsecurity.com/ssp.html It was an interesting idea, but the only submission is about ARP cache poisoning, and we all know switches are vulnerable to this, just because of their design.
Further is any one knows of any testing tools / techniques i would also be very interested
Taranis will be a good start : http://www.bitland.net/taranis/ Taranis relies on MAC spoofing to redirect network traffic. You can also have a look at dsniff package : http://monkey.org/~dugsong/dsniff/ It comes with macof tool that perform CAM table flooding. A switch can fall into repeater mode for some MAC when CAM table is full. If you want a complete view of switches attacks, have a look at Sean Convery presentation at Black Hat USA 2002 you can find here : http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-02/ You'll find layer 2 attacks such MAC attacks, ARP attacks, protocols attacks (CDP, DTP, VTP), VLAN hopping and others. -- Cédric Blancher <blancher () cartel-securite fr> Consultant en sécurité des systèmes et réseaux - Cartel Sécurité Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- remote MAC address discovery? Tina Bird (Dec 10)
- <Possible follow-ups>
- RE: remote MAC address discovery? Wolf, Glenn (Dec 10)
- RE: remote MAC address discovery? Rich Pulver (Dec 10)
- Re: remote MAC address discovery? Stephen Friedl (Dec 10)
- Testing Hubs and Switches Julian Young (Dec 11)
- Re: Testing Hubs and Switches Cedric Blancher (Dec 11)
- Re: Testing Hubs and Switches Valgasu (Dec 11)
- Testing Hubs and Switches Julian Young (Dec 11)