Home page logo

basics logo Security Basics mailing list archives

Re: Network Configuration Question?
From: "netsec novice" <netsec9 () hotmail com>
Date: Tue, 05 Nov 2002 16:14:18 +0000

I recently saw similar behaviour running tcpdump on my workstation that is attached to a Cisco catalyst switch. I would be interested to find any answers myself.

From: "Ian Lyte" <ilyte () alias666 freeserve co uk>
To: <security-basics () securityfocus com>
Subject: Network Configuration Question?
Date: Mon, 4 Nov 2002 16:58:37 -0000

Hi All,

    On a corporate machine, I was having trouble removing the TinyBar
scrote-ware that had installed itself surreptitiously onto my machine. As
part of the process of tracking down how it was running, I downloaded a
small packet sniffer and ran it so I could attempt to trace the outgoing
target address of the pop-up window.

    We are on a 100mbs switched network (I believe switched but ..).

Now imagine my surprise when I could pick up traffic from around 6 other
machines, including HTTP, POP, SMTP and all the associated passwords.

    Some of the machines were geographically close to me in the office but
not all. How could this happen on a switched network - has one of the
switches fallen over into broadcast mode or something? If so how do I go
about determining (remotely) why/how it has fallen over, who else is on the
segment, and what other avenues do I have to explore?

    Thanks in advance


Unlimited Internet access for only $21.95/month.  Try MSN! http://resourcecenter.msn.com/access/plans/2monthsfree.asp

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]