Jim Eckford wrote:
> Be aware that even 'dumb' switches can be attacked. The usual method is to feed
> them with spoofed MAC addresses until the address table overflows, which, with
> some switches, causes it to go into flooding mode. In other words, it becomes a
> simple hub from which all traffic can be captured. A managed switch would at
> least be able to warn you by SNMP trap that the table was full.

Sniffing and hijacking are usually possible in a switcher (depending
on the configuration of course) by ARP spoofing, thus tricking a host in
your segment into sending the traffic to you. Then all you have to do is relay
those packets to the real destination, changing the stream of data as you like.
There is a tool called hunt that implements this kind of attack.

--
LiquidK
[EMAIL PROTECTED]
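
Both conditions raised in this thread leave traces a monitoring host on the segment can see. The following is an added example, not part of either poster's message: a small watcher that flags an IP address being claimed by a second MAC (ARP spoofing) and an unusual number of distinct source MACs (table flooding). The class name, the threshold and the sample frames are assumptions constructed for illustration.

```python
import struct

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def make_arp(eth_src, sender_mac, sender_ip, op=2):
    """Constructed sample frame: broadcast Ethernet header + IPv4 ARP body."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    hdr = b"\xff" * 6 + mac(eth_src) + b"\x08\x06"
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return hdr + body + mac(sender_mac) + ip(sender_ip) + bytes(10)

def parse_arp(frame):
    """Return (sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    return mac_str(frame[22:28]), ".".join(map(str, frame[28:32]))

class L2Watch:
    def __init__(self, max_macs=512):   # threshold is an assumed value
        self.bindings, self.macs, self.max_macs = {}, set(), max_macs

    def observe(self, frame):           # returns alert strings for one frame
        alerts = []
        if len(frame) < 14:
            return alerts
        eth_src = mac_str(frame[6:12])
        self.macs.add(eth_src)
        if len(self.macs) == self.max_macs + 1:   # alert once, on crossing
            alerts.append(f"flood: more than {self.max_macs} source MACs seen")
        arp = parse_arp(frame)
        if arp and arp[1] != "0.0.0.0":           # skip ARP probes
            sender_mac, sender_ip = arp
            if sender_mac != eth_src:             # header and ARP body disagree
                alerts.append(f"mismatch: {eth_src} sent ARP as {sender_mac}")
            known = self.bindings.setdefault(sender_ip, sender_mac)
            if known != sender_mac:               # IP now claimed by another MAC
                alerts.append(f"rebind: {sender_ip} {known} -> {sender_mac}")
        return alerts

def demo():
    w, gw, rogue = L2Watch(max_macs=3), "00:00:5e:00:53:01", "00:00:5e:00:53:66"
    frames = [make_arp(gw, gw, "192.0.2.1"),        # constructed sample traffic
              make_arp("00:00:5e:00:53:02", "00:00:5e:00:53:02", "192.0.2.10"),
              make_arp(rogue, rogue, "192.0.2.1"),  # second MAC claims 192.0.2.1
              make_arp("00:00:5e:00:53:aa", "00:00:5e:00:53:aa", "192.0.2.77")]
    return [a for f in frames for a in w.observe(f)]
```

A rebind alert can also come from a legitimate NIC replacement or failover, so it is a prompt to check the binding rather than proof of spoofing.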