Bugtraq mailing list archives

Re: False security in switches and a little more Rconsole.
From: peter.jeremy () AUSS2 ALCATEL COM AU (Peter Jeremy)
Date: Wed, 14 Oct 1998 07:28:47 +1000

Chris Zagar <zagar () GCINFO GC MARICOPA EDU> wrote:
Ok, here's a very simple solution:  Buy a switch.

Actually, switches do help, but they also run the risk of people actually
believing that their switched connections are private, lulling you into a
false sense of security.

[Description of port monitoring facilities deleted]

And quite apart from the documented and intentional port monitoring
facilities, the switch may leak packets.

I have a number of systems attached via switch ports to our backbone
(for traffic purposes).  Last year I took some traffic samples from a
machine connected to one brand of switch.  I recently repeated the
test with a different brand of switch.  In both cases, there were
about 2 packets per second (around 2% of the segment traffic) that
were unicast, and not intended for the machine that received them.

Moral: Don't rely on your switch for security.

Peter Jeremy (VK2PJ)                    peter.jeremy () alcatel com au
Alcatel Australia Limited
41 Mandible St                          Phone: +61 2 9690 5019
ALEXANDRIA  NSW  2015                   Fax:   +61 2 9690 5247
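
The measurement described in the message above can be repeated on a capture taken from your own switch port. The following is an added example, not part of the original post: it assumes a classic libpcap file with Ethernet link type, and the MAC addresses and frames in it are constructed sample data.

```python
import struct

def read_pcap(data):
    """Yield raw frames from a classic libpcap capture (Ethernet link type only)."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def leak_report(data, local_mac):
    """Count unicast frames whose destination MAC is not this host's."""
    total, stray = 0, {}
    for frame in read_pcap(data):
        if len(frame) < 14:
            continue  # truncated Ethernet header
        total += 1
        dst = frame[:6]
        if dst[0] & 1:
            continue  # I/G bit set: broadcast or multicast, expected on every port
        if dst != local_mac:
            key = dst.hex(":")
            stray[key] = stray.get(key, 0) + 1
    n = sum(stray.values())
    return {"frames": total, "stray_unicast": n,
            "percent": 100 * n / total if total else 0.0, "by_dst": stray}

# Constructed sample capture: four frames as seen on the monitored port.
LOCAL = bytes.fromhex("020000000001")   # this host (assumed address)
OTHER = bytes.fromhex("020000000002")   # another host on the switch
def _frame(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46
_FRAMES = [_frame(LOCAL, OTHER),                         # addressed to us
           _frame(b"\xff" * 6, OTHER),                   # broadcast
           _frame(bytes.fromhex("01005e000001"), OTHER), # multicast
           _frame(OTHER, bytes.fromhex("020000000003"))] # unicast for someone else
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
    struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(_FRAMES))

if __name__ == "__main__":
    print(leak_report(SAMPLE, LOCAL))
```

The capturing interface has to be in promiscuous mode, otherwise the NIC drops these frames before they reach the capture. Some stray unicast is ordinary flooding of destinations the switch has not yet learned, so the per-destination counts are more informative than the total.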
