Cisco Switch "All Open" state

  1. #1
    Senior Member, Join Date Sep 2003, Posts 137

    Cisco Switch "All Open" state

    Hey gang,

    Just a quick question about Cisco switches and vulnerabilities.

    As many may know, if a switch is configured without a mirror port for monitoring, an attacker can flood a switch to force it to enter an "all open" state where it basically makes the switch act as a hub would and broadcast out all ports. This allows the attacker to monitor all traffic passing through the switch.

    My question is this:

    If this is the case and there are VLANs set up on the switch, does it also cause the VLANs to fail? Or are the VLANs preserved on their ports? Or does the switch fail, send packets out all ports, but keep the individual VLANs intact?

    Not sure if this is enough info, but I got into a debate about it with someone and want to see what you guys come up with?
    "Common Sense, isn't that common"
    "It is a lot easier to raise a child then it is to repair an adult"
    -Kruptos

  2. #2
    greetings kruptos...

    You'd expect the VLANs to stay intact. Whether one or all VLANs starts broadcasting everything is more of an implementation detail, and a rather irrelevant one at that. If you want to listen to particular traffic passing through a switch, there are more targeted and subtle ways to do it (spoofing specific MAC addresses etc).

  3. #3
    Member, Join Date May 2005, Posts 92
    Good question. If you're talking about specifically port based VLAN implementation then no, it will not fail. The VLANs will not communicate with each other without the use of a router. The problem that causes a switch to fail that you are referring to is ARP poison where you confuse the switch and it has no choice but to broadcast. Since it will only broadcast on the VLAN that a specific port is on there is no VLAN failure even though the switch has seemed to fail due to its broadcast nature.

    *edit* This refers to Cisco switches, I'm not sure about other switch devices
    "Experience is the hardest teacher, it gives the test first and the lesson after." Anonymous
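One defensive check that follows from the answer above: because a flooded switch only learns (and only floods) within the VLAN of the port the bogus addresses arrive on, a CAM-table overflow shows up in `show mac address-table` as one port on one VLAN holding far more dynamic MAC entries than an access port should. The script below is an added example, not code from the thread; the MAC table text is constructed, and the threshold of 8 addresses per port and VLAN is an assumed baseline for an access port.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Cisco IOS `show mac address-table`
# (not captured from a real switch). Fa0/3 on VLAN 20 has "learned" 40
# addresses, the pattern a MAC-flooding attempt leaves behind.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4456    DYNAMIC     Fa0/2
  20    0011.2233.5001    DYNAMIC     Fa0/4
""" + "".join(
    f"  20    00aa.bb{i:02x}.{(i * 7) % 65536:04x}    DYNAMIC     Fa0/3\n"
    for i in range(40)
)

# One table row: VLAN id, dotted-hex MAC, entry type, port name.
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$"
)


def parse_mac_table(text):
    """Return {(vlan, port): set(mac)} for DYNAMIC entries only.

    Static and management entries are skipped: flooding can only add
    dynamically learned addresses.
    """
    learned = defaultdict(set)
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            vlan, mac, _, port = m.groups()
            learned[(int(vlan), port)].add(mac)
    return learned


def flag_flooded_ports(text, threshold=8):
    """List (vlan, port, count) where one port holds more dynamic MACs on a
    single VLAN than an access port is expected to (assumed baseline: 8)."""
    return sorted(
        (vlan, port, len(macs))
        for (vlan, port), macs in parse_mac_table(text).items()
        if len(macs) > threshold
    )


if __name__ == "__main__":
    for vlan, port, count in flag_flooded_ports(SAMPLE_MAC_TABLE):
        print(f"VLAN {vlan} port {port}: {count} dynamic MACs (possible flooding)")
```

The same per-port limit is what a `switchport port-security maximum` setting enforces on the switch itself; the script is for spotting the condition in a table you have already collected.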

  4. #4
    Senior Member, Join Date Sep 2003, Posts 137
    That is sort of what I was thinking. I was not trying to use this as an exploit, but a customer was concerned about others being plugged into his switch. The argument was that it is VLAN'd off and they can't touch the other network. I was not sure though about whether the VLANs would remain if the switch was targeted and forced into an all open state.

    Thanks for your input!
    "Common Sense, isn't that common"
    "It is a lot easier to raise a child then it is to repair an adult"
    -Kruptos
