Date:      Mon, 29 Oct 2001 06:49:59 +1100
From:      Peter Jeremy <peter.jeremy@alcatel.com.au>
To:        Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl>
Cc:        Alexey Koptsevich <alex@astro.su.se>, security@FreeBSD.ORG
Subject:   Re: access from monitoring host
Message-ID:  <20011029064959.E75481@gsmx07.alcatel.com.au>
In-Reply-To: <Pine.BSF.4.21.0110022254010.428-100000@lhotse.zaraska.dhs.org>; from kzaraska@student.uci.agh.edu.pl on Tue, Oct 02, 2001 at 11:03:23PM +0200
References:  <Pine.GSO.4.10.10110021523540.18156-100000@dioscuri.astro.su.se> <Pine.BSF.4.21.0110022254010.428-100000@lhotse.zaraska.dhs.org>

On Tue, Oct 02, 2001 at 11:03:23PM +0200, Krzysztof Zaraska wrote:
>On Tue, 2 Oct 2001, Alexey Koptsevich wrote:
>> I do not understand why the access method should be different in cases when
>> the monitoring host is behind the switch or connected through the hub?
>If your network is connected with a switch then all traffic between hosts
>A and B is not visible by any other host;

Note that you should not rely on a switch for security - switch
behaviour is designed to reduce network traffic, not provide security.

Unless you hard-wire the MAC address(es) on each switch port, it's
fairly easy (though detectable) to fool a switch into sending you
traffic intended for another node (by claiming that your computer has
the MAC address belonging to the computer you want to see traffic
for).  You can also flood the switch with different MAC addresses -
once you overload its MAC CAM, it will forward packets on all ports
until it re-learns the MAC addresses.

If you can break into the switch, most (all?) manageable switches have
the ability to mirror one port onto another (for network
troubleshooting).  You can simply mirror the port you want to snoop onto
your port.

Peter
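As an added example (not part of Peter's message or anything on the list), this Python snippet shows how the two switch-fooling techniques he calls "detectable" can be spotted from a switch's MAC-learning events: a MAC that moves between ports (spoofing) and a port that learns an abnormal number of MACs in a short window (CAM flooding). The event list, port names and thresholds are constructed sample values, not real switch output.

```python
from collections import defaultdict

# Constructed sample of MAC-learning events as (seconds, port, mac).
# Made-up values for illustration, not real switch output.
EVENTS = [
    (0, "Gi0/1", "00:11:22:33:44:01"),
    (1, "Gi0/2", "00:11:22:33:44:02"),
    (2, "Gi0/3", "00:11:22:33:44:03"),
    # The host MAC from Gi0/1 reappears on Gi0/5: MAC-spoofing symptom.
    (5, "Gi0/5", "00:11:22:33:44:01"),
] + [
    # Gi0/7 learns 300 distinct MACs within a few seconds: CAM-flooding symptom.
    (10 + i // 50, "Gi0/7", f"de:ad:be:ef:{i >> 8:02x}:{i & 0xff:02x}")
    for i in range(300)
]

def moved_macs(events):
    """MACs learned on more than one port -> {mac: [ports in order seen]}."""
    ports = defaultdict(list)
    for _, port, mac in sorted(events):
        if port not in ports[mac]:
            ports[mac].append(port)
    return {mac: p for mac, p in ports.items() if len(p) > 1}

def flooded_ports(events, window=10, threshold=100):
    """Ports learning more than `threshold` new MACs in any `window` seconds -> {port: count}."""
    first_seen = {}
    for t, port, mac in sorted(events):
        first_seen.setdefault((port, mac), t)   # time each (port, mac) was first learned
    times_by_port = defaultdict(list)
    for (port, _), t in first_seen.items():
        times_by_port[port].append(t)
    alerts = {}
    for port, times in times_by_port.items():
        times.sort()
        lo, best = 0, 0
        for hi in range(len(times)):          # sliding window over first-seen times
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best > threshold:
            alerts[port] = best
    return alerts

if __name__ == "__main__":
    print("MACs seen on several ports:", moved_macs(EVENTS))
    print("Ports learning MACs too fast:", flooded_ports(EVENTS))
```

The preventive counterpart Peter mentions, pinning the allowed MAC address(es) to each switch port, stops both conditions rather than only detecting them after the fact.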
