Penetration Testing: Re: [PEN-TEST] Spoofing switched networks

Re: [PEN-TEST] Spoofing switched networks

From: Simon Waters <Simon_at_wretched.demon.co.uk>
Date: Wed, 7 Feb 2001 01:42:21 +0000

Sam Quigley wrote:
>
> Because they can, sometimes, be made to fail open. Then, everything
> is on one big LAN, and standard switch sniffing methods can reveal
> all the network traffic.

This was a hot topic at one site I went to. Especially when looking at
the top-end Netscreen Firewalls (and similar) where multiple virtual
firewalls sit on the same gigabit ethernet segments using VLANs to
divide the traffic out at lower-end switches nearer the hosted servers.

Some of the switch vendors are claiming that their VLAN implementations
are pretty tight. Certainly the manageability benefits that this kind of
firewalling solution brings to hosting sites mean we will see more
VLANs used in fairly sensitive areas.

I'd be interested in knowing if anyone has breached any VLANs, and if so
whose.
Received on Feb 07 2001
