mailing list archives
Re: False security in switches and a little more Rconsole.
From: booloo () CATS UCSC EDU (Mark Boolootian)
Date: Tue, 13 Oct 1998 15:27:24 -0700
Most switches have some facility to allow you to monitor another port, the
traffic of an entire VLAN, or even all traffic in the switch. If your
switch is compromised, someone could listen in on your workstation
conversations, which you thought were private.
A much more straightforward attack against switches involves a machine
which can alter its ethernet address and which is directly attached to
a switch. The machine generates a stream of packets, each coming from a
unique ethernet address. Once the switch's forwarding table has filled,
the switch will flood all subsequent traffic out all ports (excluding ports
that have been configured specifically not to flood). At this point, the
switch, in effect, resembles a repeater. Switches often offer mechanisms
to limit the number of MAC addresses on a per port basis, but most folks
don't bother with such configurations.
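The forwarding-table overflow described in the post, modelled in a few lines so the effect of the per-port MAC limit is visible. This is an added example, not code from the original message; the port names, MAC addresses, table size of 128 and the frame stream are all constructed for illustration.

```python
"""Model of a switch forwarding (CAM) table under a stream of frames with
unique source MACs, with and without a per-port MAC limit (port security).
Added example; table size, ports, addresses and frames are constructed."""

PORTS = ("p1", "p2", "p3")            # p1: host A, p2: host B, p3: flooding machine
MAC_A = "00:00:5e:00:53:01"           # constructed addresses
MAC_B = "00:00:5e:00:53:02"

class Switch:
    def __init__(self, table_size, per_port_limit=None):
        self.table_size = table_size          # total forwarding-table capacity
        self.per_port_limit = per_port_limit  # port-security cap; None means not configured
        self.table = {}                       # learned mac -> ingress port
        self.per_port = {p: 0 for p in PORTS} # learned MACs per port
        self.violations = []                  # (port, mac) learns blocked by the cap

    def learn(self, port, src):
        if src in self.table:
            return
        if self.per_port_limit is not None and self.per_port[port] >= self.per_port_limit:
            self.violations.append((port, src))   # a real switch logs this or err-disables the port
            return
        if len(self.table) < self.table_size:     # a full table simply stops learning
            self.table[src] = port
            self.per_port[port] += 1

    def forward(self, port, src, dst):
        """Return the set of egress ports for one frame."""
        self.learn(port, src)
        if dst in self.table:
            return {self.table[dst]}
        return set(PORTS) - {port}    # unknown destination: flood, i.e. behave as a repeater

def flood_scenario(per_port_limit=None, bogus=200):
    """p3 emits `bogus` frames, each from a fresh source MAC, then A and B exchange
    frames. Returns where A's frame to B egresses and how many learns the cap blocked."""
    sw = Switch(table_size=128, per_port_limit=per_port_limit)
    for i in range(bogus):
        sw.forward("p3", f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}", "ff:ff:ff:ff:ff:ff")
    sw.forward("p2", MAC_B, MAC_A)          # B speaks first; normally the switch learns B here
    return sw.forward("p1", MAC_A, MAC_B), len(sw.violations)

if __name__ == "__main__":
    # No cap: table is full of bogus entries, B is never learned, A->B floods to p2 and p3.
    print(flood_scenario())                  # egress {'p2', 'p3'}, 0 violations
    # Cap of 2 MACs per port: p3 learns two entries, 198 attempts blocked, A->B reaches only p2.
    print(flood_scenario(per_port_limit=2))  # egress {'p2'}, 198 violations
```

The `violations` list is the signal a defender watches for: a single port presenting hundreds of new source addresses in a short window is the behaviour the post describes, and a per-port limit turns it into a logged event instead of a switch that has silently become a repeater.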