Date: Fri, 05 Jan 2001 19:48:08 +0100
From: sthaug@nethelp.no
To: matrix@ipform.ru
Cc: questions@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: Building a local network on switches (ANTISNIFFER measures)
Message-ID: <63189.978720488@verdi.nethelp.no>
In-Reply-To: Your message of "Fri, 5 Jan 2001 21:03:11 +0300"
References: <000b01c07741$c85272c0$0c00a8c0@ipform.ru>

> Somebody said, that there is way to fool but flooding it with weird
> arpa entries and the switch will fall back into hub mode. I wonder if it
> is true for all hubs and if I can use non SNMP controllable hub.

Think about how a hub works (or for that matter a switch). It has a MAC address table of a certain finite size. If you send packets with a MAC address which is not in the address table, the packet must be transmitted on all ports (except the one it arrived on). MAC addresses are learned as packets are received.

Thus in many cases you can force transmission on all ports by flooding the hub or switch with lots of fake MAC addresses, thus flushing the real MAC addresses from the table. (A switch may have a MAC address table per port - but the original argument still holds.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?63189.978720488>
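
Added example (not part of the original message): a toy Python model of the finite address table described above, showing a frame between two hosts leaving on one port while both are in the table, and on every other port once never-seen source addresses have pushed them out. The oldest-entry eviction policy, the table size, the addresses and the optional per-port learning limit (a mitigation the message does not discuss) are assumptions.

```python
from collections import OrderedDict

class LearningSwitch:
    """Toy learning bridge with a finite MAC address table (assumed model)."""

    def __init__(self, ports, table_size, per_port_limit=None):
        self.ports = list(ports)
        self.table_size = table_size
        self.per_port_limit = per_port_limit  # None = no limit, as in the message
        self.table = OrderedDict()            # MAC -> port, oldest entry first

    def _learn(self, src, port):
        if src in self.table:                 # known address: refresh it
            self.table[src] = port
            self.table.move_to_end(src)
            return True
        if self.per_port_limit is not None:
            learned = sum(1 for p in self.table.values() if p == port)
            if learned >= self.per_port_limit:
                return False                  # over the limit: do not learn
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)    # assumed policy: evict oldest entry
        self.table[src] = port
        return True

    def receive(self, port, src, dst):
        """Return the ports the frame is transmitted on."""
        if not self._learn(src, port):
            return []                         # frame from unlearned source dropped
        out = self.table.get(dst)
        if out is None:                       # unknown destination: all other ports
            return [p for p in self.ports if p != port]
        return [] if out == port else [out]

def run(per_port_limit):
    """Egress ports for an A->B frame before and after the table is filled."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=8,
                        per_port_limit=per_port_limit)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"  # constructed hosts, ports 1 and 2
    sw.receive(1, a, b)                       # switch learns A
    sw.receive(2, b, a)                       # switch learns B
    before = sw.receive(1, a, b)
    for i in range(32):                       # constructed never-seen sources on port 3
        sw.receive(3, "02:ff:00:00:00:%02x" % i, a)
    after = sw.receive(1, a, b)
    return before, after

if __name__ == "__main__":
    print("no limit:      ", run(None))
    print("limit 2 / port:", run(2))
```

Real switches age entries out on timers and differ in what they do when the table is full, so the point at which forwarding degrades varies by device.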