Date: Sun, 24 Mar 2002 04:00:16 -0800
From: Benjamin Krueger <benjamin@macguire.net>
To: Peter Leftwich <Hostmaster@Video2Video.Com>
Cc: Courtney Thomas <ccthomas@flash.net>, FreeBSD Questions <FreeBSD-Questions@FreeBSD.Org>
Subject: Re: So long and thanks for all the fish [telnet vs ssh]
Message-ID: <20020324040016.C3911@rain.macguire.net>
In-Reply-To: <20020324032158.V29652-100000@earl-grey.cloud9.net>; from Hostmaster@Video2Video.Com on Sun, Mar 24, 2002 at 03:30:22AM -0500
References: <3C9C83E2.4020102@flash.net> <20020324032158.V29652-100000@earl-grey.cloud9.net>
* Peter Leftwich (Hostmaster@Video2Video.Com) [020324 00:31]:
> On Sat, 23 Mar 2002, Courtney Thomas wrote:
> > More please.
>
> Hubs I believe by default offer bandwidth to connecting workstations on a
> "promiscuous" basis, that is, any port can kind of turn around and instead
> of saying "hm, is this packet for me, no.. okay is this one for me? no...
> etc" say "hm, is this packet for me, no... well it won't hurt to look IN
> the packet since I have it in my possession..."
>
> Switches use a dedicated bandwidth paradigm. Port #2 cannot sniff what's
> going on on, say, Port #8 (by default), and promiscuously declare "ok all
> you packets, please step forward if you contain either [Uu]sername and/or
> [Pp]assword in your backpacks."

Beware of assuming that your switch will always behave as intended. It is
quite possible to sniff all of the traffic running through a switch by
forcing it to behave in a less desirable manner. One of the simplest methods
of doing this is overflowing the MAC address table.

Switches keep track of which packets go where by watching the ethernet header
of passing packets and routing them to the port which carries that MAC
address. To perform such a great deed, it relies on an internal table to
remember which MAC address is on which port. It's a good system, but not
without flaws. The table, like all software, is of a finite size. If the
switch is given more MAC addresses to remember than it can store in the
table, it overflows. When this happens, most switches do what all
well-designed products do: they adapt. Unfortunately for your security, most
adapt by going into broadcasting mode, and sending all packets to all ports,
thus nullifying your security by switch. =)

Often the best method around this is to use a switch which is smart enough to
lock MAC addresses to ports, and ignore anything else. Even this isn't
foolproof, but it will dissuade all but the most dedicated of intruders.

Even then, if the intruder can easily guess your switch's management password
(if it is misconfigured!), you've lost all security again.

--
Benjamin Krueger

"Life is far too important a thing ever to talk seriously about."
- Oscar Wilde (1854 - 1900)
----------------------------------------------------------------
Send mail w/ subject 'send public key' or query for (0x251A4B18)
Fingerprint = A642 F299 C1C1 C828 F186 A851 CFF0 7711 251A 4B18

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
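The following is an added example and not code from the thread or from any switch vendor: a toy model of the behaviour Benjamin describes (a finite MAC table that, once full, lets bogus entries push real hosts out so their traffic gets flooded to every port), the "lock MAC addresses to ports" mitigation as a per-port learning limit, and a simple detector that flags a port sourcing an abnormal number of distinct MACs. TABLE_SIZE, MAX_MACS_PER_PORT, the host MACs and the observation log are all constructed for the example; real switches hold thousands of entries and expose port limits through their own configuration.

```python
"""Added example, not code from the original thread: a toy switch with a
finite MAC table, an optional per-port MAC limit modelling port security,
and a detector for the symptom of a MAC-table flood. Every constant, MAC
address and scenario below is constructed for illustration."""
from collections import OrderedDict, defaultdict

TABLE_SIZE = 8          # constructed; real switches hold thousands of entries
MAX_MACS_PER_PORT = 2   # constructed port-security limit

HOST_A = "aa:aa:aa:aa:aa:01"   # constructed host on port 1
HOST_B = "bb:bb:bb:bb:bb:02"   # constructed host on port 2


class Switch:
    def __init__(self, ports, port_security=False):
        self.ports = list(ports)
        self.port_security = port_security
        self.cam = OrderedDict()              # mac -> port, oldest entry first
        self.macs_on_port = defaultdict(set)
        self.violations = []                  # (port, mac) refused by port security

    def _learn(self, port, mac):
        """Record that `mac` was seen on `port`; return False if refused."""
        if mac in self.cam:
            return True
        if self.port_security and len(self.macs_on_port[port]) >= MAX_MACS_PER_PORT:
            self.violations.append((port, mac))
            return False
        if len(self.cam) >= TABLE_SIZE:
            # Table overflow: evict the oldest entry to make room. A burst of
            # bogus source MACs therefore pushes the real hosts out of the table.
            old_mac, old_port = self.cam.popitem(last=False)
            self.macs_on_port[old_port].discard(old_mac)
        self.cam[mac] = port
        self.macs_on_port[port].add(mac)
        return True

    def forward(self, in_port, src, dst):
        """Return the egress ports for a frame src -> dst arriving on in_port."""
        if not self._learn(in_port, src):
            return []                         # dropped by port security
        out = self.cam.get(dst)
        if out is None:
            # Unknown destination: flood to every other port. After an
            # overflow this is how a third port starts seeing other
            # hosts' traffic.
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]


def flooding_ports(observations, threshold):
    """Ports sourcing more than `threshold` distinct MACs, the flood symptom.

    observations is an iterable of (port, src_mac) pairs, e.g. from a
    periodic dump of the switch's MAC table or from a span-port capture.
    """
    seen = defaultdict(set)
    for port, mac in observations:
        seen[port].add(mac)
    return sorted(p for p, macs in seen.items() if len(macs) > threshold)


def run_scenario(port_security):
    """Constructed scenario: A and B exchange frames, then port 3 sources
    20 distinct MACs. Returns the egress ports of a later A -> B frame,
    i.e. which ports can see it."""
    sw = Switch(ports=[1, 2, 3], port_security=port_security)
    sw.forward(1, HOST_A, HOST_B)       # A learned on port 1; B unknown, flooded
    sw.forward(2, HOST_B, HOST_A)       # B learned on port 2
    for i in range(20):                 # constructed burst of source MACs on port 3
        sw.forward(3, f"02:00:00:00:00:{i:02x}", "02:ff:ff:ff:ff:ff")
    return sw.forward(1, HOST_A, HOST_B)


def observed_sources():
    """Constructed (port, src_mac) observations for the detector."""
    obs = [(1, HOST_A), (2, HOST_B)]
    obs += [(3, f"02:00:00:00:00:{i:02x}") for i in range(20)]
    return obs


if __name__ == "__main__":
    print("plain switch, A->B reaches ports:", run_scenario(False))
    print("with port security, A->B reaches ports:", run_scenario(True))
    print("ports flagged by the detector:", flooding_ports(observed_sources(), 5))
```

Without the per-port limit the A -> B frame ends up on port 3 as well, which is exactly the "broadcasting mode" failure in the mail; with the limit only two MACs are ever learned from port 3 and the frame reaches port 2 alone. The detector is deliberately crude (a distinct-MAC count per port); in practice the threshold is set per port role, since an uplink or a port facing a hypervisor legitimately sources many MACs.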
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020324040016.C3911>