[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] sniffing switched nets

To: Strata Rose Chalup <strata@virtual.net>
Subject: Re: [SAGE] sniffing switched nets
From: Keith Farrar <farrar@parc.xerox.com>
Date: Fri, 25 Jan 2002 13:33:45 PST
cc: SAGE Members <sage-members@usenix.org>
In-Reply-To: <3C51B51B.DC164A22@virtual.net>
Reply-To: <farrar@parc.xerox.com>
Sender: owner-sage-members@usenix.org
Sensitivity: Normal

Search for arpspoof or macof (flooding the ARP table on some switches
can transform them into repeaters...).


> Date: Fri, 25 Jan 2002 11:42:19 PST
> From: Strata Rose Chalup <strata@virtual.net>
> To: SAGE Members <sage-members@usenix.org>
> Subject: Re: [SAGE] sniffing switched nets
>
>
> David,
>
> I've been given to understand that the technique involves reconfiguring
> the switch to copy traffic to a monitor port.  Given how easy it
> allegedly is to break into most switches, I think this is a valid line
> of attack.
>
> There's also supposed to be another technique, about which here is
> something from a quick Google search:
>
> [PS] www.infosys.tuwien.ac.at/Teaching/Courses/InetSec/slides/slides2.ps
> File Format: Adobe PostScript - View as Text
> ... Sniffing also possible at switched Ethernet, where the switch ... forbidden (in contrast to
> sniffing, spoofing) in the lab ... router knows which nets it is connected to ...
> Similar pages
>
> X.25 Hacking
> ... useful comments about x.25 nets Short Outdials/x.25 hacking ... TO SPRINTNET AND SIMILAR
> PACKET SWITCHED NETWORKS P/H/A - Written ... crew Sita Network NUI Sniffing!!! ...
> qwerty.nanko.ru/x25/o_index.htm - 15k - Cached - Similar pages
>
> There was a lot of material coming up on a search for "sniffing switched
> nets", of which about 1 item on each page was of interest.
>
> cheers,
> Strata
>
> "David R. Linn" wrote:
> >
> > A few meetings ago (perhaps the ATC in San Diego), I seem to recall
> > that some attendees demonstrated that you can sniff switched nets by
> > collecting and then posting a set of passwords that they had captured
> > from the switched TTY room net.  I believe that they wrote up their
> > technique, maybe for a WIP, maybe for a later conference.
> >
> > The fellow teaching our new InfoSec class was asking me for ideas of
> > things to cover and I mentioned this incident in the context of
> > convincing people to use crypto for anything they want secured.  He
> > asked me for a pointer and a quick look at the USENIX site didn't
> > provide me with one so I'm turning to the collective.
> >
> > If this is not all a sign of premature senility, could someone point
> > me at that writeup.
> >
> >          David
> > --
> > David R. Linn, SEDCON System Manager    | INET: drl@vuse.vanderbilt.edu
> > Disclaimer: I speak only for myself     | Phone: [+1] 615-343-6164
> >                 http://www.vuse.vanderbilt.edu/~drl
> > * If you cannot strive for excellence, at least strive for adequacy. *
>
>

-- 
| Keith Farrar | Xerox PARC CSNS | Palo Alto, CA | 650-812-4292	|
| DOMAIN:  farrar@parc.xerox.com |				|

References:
- Re: [SAGE] sniffing switched nets
  - From: Strata Rose Chalup <strata@virtual.net>

Prev by Date: Re: [SAGE] Apple Airport base station admin SW for Wintel
Next by Date: Re: [SAGE] sniffing switched nets
Prev by thread: Re: [SAGE] sniffing switched nets
Next by thread: Re: [SAGE] sniffing switched nets
Index(es):
- Date
- Thread