Home page logo

basics logo Security Basics mailing list archives

RE: information harvesting from within the network
From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Fri, 3 Jun 2005 12:59:00 -0400

Aside from establishing a trunk link directly from a machine to the
switch what other ways do you know of?
Any properly configured switch should have all user ports be listed as
access.  I have heard rumors of double 802.1Q encapsulation attacks and
STP root bridge hijacking to reroute the active switching path through a
compromised machine but I'd be interested to know if the community is
aware of any other methods for attacking switches.

I've always been interested in writing client side trunk software.

Any takers?


-----Original Message-----
From: Andrew Shore [mailto:andrew.shore () holistecs com] 
Sent: Monday, May 23, 2005 4:57 PM
To: Jason Lopez; ddjjembe 2
Cc: security-basics () securityfocus com
Subject: RE: information harvesting from within the network

VLANs are a management tool not a security tool. There are many ways to
"jump" vlans with in a switch.


-----Original Message-----
From: Jason Lopez [mailto:jaylpz () sbcglobal net]
Sent: 21 May 2005 03:32
To: 'ddjjembe 2'
Cc: security-basics () securityfocus com
Subject: RE: information harvesting from within the network

If you have any manage switches, you could put them on separate VLans,
and deny them access to your private network...

My two-cents
-----Original Message-----
From: ddjjembe 2 [mailto:ddjjembe2 () hotmail com]
Sent: Thursday, May 19, 2005 7:40 PM
To: security-basics () securityfocus com
Subject: information harvesting from within the network

I work in a university that has university typical security practices.  
Currently any authenticated user can scan the parts of the network with
tools like LANguard or Nessus and obtain a considerable amount of 
information from them.   Most of the computers in our network are
computers.  We also have departments with MACs and *nix machines.

If possible, lock down the Windows computers with group policies and/or
templates to disable this potential unauthorized information harvesting
users and then restrict scanning ability to the security group with LDAP

permissions.  Am I on the right track here?

I would like to achieve this without using a host based firewall.

Group policies have large pool of settings to pick from.  Narrowing it
down to a few that disable at least portions would be appreciated.



Don't just search. Find. Check out the new MSN Search! 

  By Date           By Thread  

Current thread:
  • RE: information harvesting from within the network Payton, Zack (Jun 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]