mailing list archives
RE: switched n/w
From: "Jeff Gercken" <JeffG () kizan com>
Date: Wed, 8 Dec 2004 12:54:55 -0500
Yes this is very possible, actually somewhat trivial with the available
software out there. Look at Hunt and Ettercap. You can avoid it by
hard coding mac addresses to ports (if you have a managed switch) and
creating static arp entries in the hosts. Relying upon any query
mechanism leaves you vulnerable.
Also there are applications that try and detect such unscrupulous
traffic. Look at aprwatch and snort.
Lastly, security vs effort/complexity/cost is an exponential curve. You
need to find the point where the acceptable risk level and costs are
reasonable for your organization.
From: kaushal [mailto:kaushal () rocsys com]
Sent: Tuesday, December 07, 2004 1:30 PM
To: security-basics () securityfocus com
Subject: switched n/w
Iam a bit new to network securities.We have a switched network and to
my knowledge a hosts' data cannot be sniffed by other host by runnning
tcpdump.But Iam receiving complaints from few users that their data is
being changed/manipulated.Is this possible?
How can I avoid this at the host level?Does this mean the server has
been compromised?Any help or pointer in this aspect would be highly
thanks in advance.
- Re: switched n/w, (continued)