Date: Mon, 6 Sep 1999 13:04:05 -0700 (PDT) From: Tom <tom@uniserve.com> To: Alfred Perlstein <bright@wintelcom.net> Cc: Brad Knowles <blk@skynet.be>, Dag-Erling Smorgrav <des@flood.ping.uio.no>, Pascal Hofstee <daeron@Wit401305.student.utwente.nl>, freebsd-questions@FreeBSD.ORG, freebsd-stable@FreeBSD.ORG Subject: Re: softupdates in latest build? Message-ID: <Pine.BSF.4.02A.9909061254470.13016-100000@shell.uniserve.ca> In-Reply-To: <Pine.BSF.4.05.9909061201010.6392-100000@fw.wintelcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 6 Sep 1999, Alfred Perlstein wrote: > > Besides, most ethernets are switched these days, making password > > sniffing for anything but connections to or from the machine the sniffer > > is running on completely useless. > > Isn't it possible to spoof arp and compromise a switch? > > Just wondering. Well, it depends. ARP is used to resolve IPs to MAC addresses. L2 switches don't even look at ARP. They just memorize where different MAC addresses are. Now, if an ARP broadcast goes out from a certain client for a login box, and the login box and a spoofing box both answer the request, the client will report a duplicate IP error. So you don't really gain anything. You certainly can't "compromise" the switch. You can try spoofing MAC addresses, but a switch will direct traffic to the port with a particular registered MAC address. So either the spoofing box or the login box get the traffic, not both. Either way, things will not be working right on the network, and people are going to notice. Also, all switches allow particular MAC addresses to be hard-coded to particular ports. If other ports attempt to use them, they are shutdown or ignored. You are however screwed if the login box goes done, and your spoofing box tries to impersonate it. This however would be detected very quickly because whatever services the login box had wouldn't be working, unlike a classic sniffer. > -Alfred > > > Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9909061254470.13016-100000>