From: "Ted Mittelstaedt"
To: "Mike Meredith"
Subject: RE: security question
Date: Mon, 28 May 2001 02:05:35 -0700

If you have a good switch you can install MAC address filters that will
block this. These tools work by overflowing the switch's MAC address
tables and thus make them start acting like dumb hubs. But, a really good
switch (not the $1.99 5 porters from Fry's) can let you install a filter
that will shut down this nonsense, or at least alert you when someone's
trying it.

It ought to be mentioned that on a very busy and large switch with several
hundred ports (like a slotted hub) if you screw with these tools the
network will run dog slow - someone is gonna notice.

Ted Mittelstaedt
tedm@toybox.placo.com
Author of: The FreeBSD Corporate Networker's Guide
Book website: http://www.freebsd-corp-net-guide.com

>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mike Meredith
>Sent: Monday, May 28, 2001 1:42 AM
>To: questions@FreeBSD.ORG
>Subject: Re: security question
>
>
>> Basically, I set up three temporary machines (or set up a temp login
>> on one machine) We assume that I've cracked machine "A" and you then
>> log in to machine "B" via telnet from machine "C". I then show you
>> that I've sniffed your password and can now log into machine "B". To
>> increase the shock value, I can have you su to root via telnet, which
>> then gives me root access to machine "B".
>> (p.s. don't try this particular demo if you're running a switch
>> because it won't work.)
>
>I might be repeating the obvious here, but a switched environment
>doesn't protect totally against sniffing. It just makes it slightly
>more difficult. Look for a utility called 'dsniff', and there are other
>tools to do the same job.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
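
Added example, not part of the original message and not any switch vendor's code: a toy Python model of the behaviour described above, where churned source MACs push real hosts out of a size-limited table so their frames are sent out every port, and of a per-port MAC limit that shuts the port and records an alert instead. The class, table size, eviction policy and all addresses are assumptions made for illustration.

```python
from collections import OrderedDict

class Switch:
    """Toy learning switch. Assumption: a full table evicts its oldest entry."""

    def __init__(self, ports, table_size, port_mac_limit=None):
        self.ports = ports
        self.table_size = table_size
        self.port_mac_limit = port_mac_limit  # None = no per-port filter
        self.table = OrderedDict()            # MAC -> port, oldest first
        self.alerts = []                      # ports shut down by the filter

    def _learn(self, mac, port):
        if mac in self.table:
            return
        on_port = sum(1 for p in self.table.values() if p == port)
        if self.port_mac_limit is not None and on_port >= self.port_mac_limit:
            self.alerts.append(port)          # filter trips: alert and shut port
            return
        if len(self.table) >= self.table_size:
            self.table.popitem(last=False)    # overflow pushes out older hosts
        self.table[mac] = port

    def frame(self, src, dst, port):
        """Return the ports a frame is sent out of."""
        if port in self.alerts:
            return []                         # port is already shut down
        self._learn(src, port)
        if port in self.alerts:
            return []                         # this frame tripped the filter
        if dst in self.table:
            return [self.table[dst]]          # known destination: one port
        return [p for p in self.ports if p != port]  # unknown: hub behaviour

HOST_A, HOST_B = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed MACs

def run(port_mac_limit):
    """Hosts A and B talk on ports 1 and 2 while port 3 churns source MACs."""
    sw = Switch(ports=[1, 2, 3], table_size=8, port_mac_limit=port_mac_limit)
    sw.frame(HOST_A, HOST_B, port=1)
    sw.frame(HOST_B, HOST_A, port=2)
    for i in range(20):                       # constructed source addresses
        sw.frame(f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff", port=3)
    # Where does A's next frame to B go, and which ports raised an alert?
    return sw.frame(HOST_A, HOST_B, port=1), sw.alerts

if __name__ == "__main__":
    print("no filter:   ", run(None))
    print("limit 2/port:", run(2))
```

Without the limit, A's frame to B also leaves port 3; with the limit, it leaves port 2 only and port 3 appears in the alert list.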