-
November 19th, 2002, 01:38 AM
#11
Actually nebulus, spoofing arp (dsniff) still does not give you the ability to sniff hosts on other vlans:
that is because the switch determines if the physical port is a member of the particular vlan: it is not based on MAC addresses... So if you were to use dsniff in a VLAN, you would be able to sniff other hosts on that vlan, but not hosts on other vlans (unless on a trunk link as I said earlier, in which case you wouldn't even need dsniff...)
Ammo
Credit travels up, blame travels down -- The Boss
-
December 3rd, 2002, 02:56 AM
#12
Member
I'm Chris Bartholomew - 18 Years old
TSeNg
questions? Cxbartholomew@yahoo.com
-
December 3rd, 2002, 01:28 PM
#13
ACLs have nothing to do with this...
ACLs do not prevent someone from using a packet sniffer to see what is going across the wire.
-
December 16th, 2002, 09:24 AM
#14
Member
When a port of a switch enters trunk mode, the datagrams are not themselves encrypted. If we use an ISL trunk, the Cisco switch or router adds 4 fields, called the ISL header (everybody knows that), or an 802.1q internal header.
A trunk line is different from a normal access link in one aspect: it is capable of transmitting data from more than 1 VLAN. Basically, trunking is poor design for security, I guess.
A traffic analyzer can easily capture a trunk Ethernet frame. Knowing the correct mode of trunk, the hacker/cracker can easily decode it, determine which VLAN this frame belongs to, and so on, the user data.
Let's go to Paramount Great America !!!! LFC (LookingForChick)
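Added example, not part of the original thread: a short Python decoder showing how the VLAN a trunk frame belongs to is read from its 802.1Q tag, plus a check that flags tagged frames in a capture taken on a port that should be a plain access link. The frames, MAC addresses and function names are constructed for illustration; ISL encapsulation is not handled.

```python
import struct

TPID_8021Q = 0x8100   # IEEE 802.1Q tag
TPID_8021AD = 0x88A8  # IEEE 802.1ad service tag (Q-in-Q)


def parse_vlan_tags(frame: bytes):
    """Return (vlan_ids, ethertype) for an Ethernet II frame.

    vlan_ids lists every VLAN tag from outermost to innermost and is
    empty for an untagged (access-link) frame.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    vlan_ids = []
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        # The tag is TPID (2 bytes) + TCI (2 bytes); the real EtherType follows.
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlan_ids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vlan_ids, ethertype


def tagged_on_access_port(frames):
    """Indexes of frames that carry a VLAN tag although captured on an access link."""
    return [i for i, f in enumerate(frames) if parse_vlan_tags(f)[0]]


# Constructed sample frames (all-zero payloads, locally administered source MAC).
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
PAD = b"\x00" * 46
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + PAD
TAGGED = DST + SRC + struct.pack("!HHH", 0x8100, (5 << 13) | 20, 0x0800) + PAD
STACKED = DST + SRC + struct.pack("!HHHHH", 0x88A8, 100, 0x8100, 30, 0x0806) + PAD

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("stacked", STACKED)):
        vlans, etype = parse_vlan_tags(frame)
        print(f"{name}: vlans={vlans} ethertype=0x{etype:04x}")
    print("tagged frames on access port:", tagged_on_access_port([UNTAGGED, TAGGED, STACKED]))
```

On a correctly configured access port the second function should return an empty list, since the switch strips the tag before delivering frames to the host.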
-
December 16th, 2002, 12:26 PM
#15
-
December 16th, 2002, 03:27 PM
#16
Member
Whether VLANs are hardware based or software based has nothing to do with their proneness to a hacker's attack. Their principles remain the same. The hacker could always plug his PC into one port of the switch legally (he is a user in his VLAN), but when he cracks the switch console, he could turn his port into trunk mode, and his local line to the switch becomes a trunk line (with some settings in his PC - that is also a trunk port), and analyze other VLAN traffic by simply removing the ISL or 802.1q header (external and internal). But that is trunk.
In a dynamic VLAN environment, spoofing the VLAN Membership Policy Server (VMPS) about the host's MAC address is quite possible. But a well designed LAN security policy will easily shut this hole.
Let's go to Paramount Great America !!!! LFC (LookingForChick)
-
December 16th, 2002, 08:11 PM
#17
-
December 17th, 2002, 05:47 AM
#18
Member
Should we bother with such a solution? I think we just have to statically assign the MAC address of the critical server when we are configuring the switch.
Let's go to Paramount Great America !!!! LFC (LookingForChick)
-
December 17th, 2002, 10:23 AM
#19
Thanks iNViCTuS,
that's quite a good paper (SANS is a good site anyway). I agree with that analysis, adding maybe that the main risk is about DoS and not confidentiality (I don't believe in arp spoofing for spying on a connection, real end users will quickly know that something is wrong).
But DoS & ARP spoofing may be used to place a zombie in the white city and that's a way of compromising a host/server.
Anyway I still don't believe there is a way to fool an Ethernet switch that is properly configured.
For instance Hacker is in a default_VLAN (admin made sure that there is no way to take hand on internal switch servers such as telnet or ftp from the default_VLAN => hacker can not change anything about ports configuration) and the target is VLAN A.
I don't think that the hacker host has a chance to sniff anything on VLAN A just by sending layer 2 data to the switch to compromise it!
SHARING KNOWLEDGE
-
December 17th, 2002, 11:16 AM
#20
Member
Originally posted here by Networker
For instance Hacker is in a default_VLAN (admin made sure that there is no way to take hand on internal switch servers such as telnet or ftp from the default_VLAN => hacker can not change anything about ports configuration) and the target is VLAN A.
I don't think that the hacker host has a chance to sniff anything on VLAN A just by sending layer 2 data to the switch to compromise it!
Of course, but changing his MAC address is quite possible?
Let's go to Paramount Great America !!!! LFC (LookingForChick)