Re: Sniffing on a switch

[Volker Tanger <vtlists () wyae de>]

Good morning!

Cedric Blancher <blancher () cartel-securite fr> wrote:
> Le samedi 29 octobre 2005 à 12:48 +0200, Volker Tanger a écrit :
> > And yes, all unprotected switches can be subjected to ARP poisoning.
> > But (again) many manageable switches can be configured with
> > preventive measures:
> > - static/manual MAC/port mapping
> > - automatic one-time MAC/port config: the very first MAC/port
> >   combination seen is taken as semi-static entry, all others are
> >   dropped.
> > - limiting number of MAC addresses per port allowed
> >   (which helps against rogue switches and router, too)
>
> Do you mean theses measures can prevent ARP cache poisoning ? Because
> they just don't.

If manual MAC/port mapping takes precedence over cache (which is
implementation dependant) - why not?

If port security disables the port (the attacker/flooder's one) as soon
as more than one MAC address is being announced there - why not?

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------