Re: [SAGE] sniffing switched nets
On Fri, Jan 25, 2002 at 11:42:19AM -0800, Strata Rose Chalup wrote:
>
> David,
>
> I've been given to understand that the technique involves reconfiguring
> the switch to copy traffic to a monitor port. Given how easy it
> allegedly is to break into most switches, I think this is a valid line
> of attack.

I believe Mudge (@Stake) gave a talk touching on this at USENIX
Security 2000 (if my memory isn't completely shot). It's not always
necessary to break into the switch; some switches will default to
hub-like behavior under certain circumstances, echoing every port
to every other port.
--
Mark C. Langston
mark@bitshift.org
Systems & Network Admin
http://www.bitshift.org