Date: Fri, 20 Aug 1999 16:13:02 -0400 From: "Joe Gleason" <freebsd.list@bug.tasam.com> To: "Joel Maslak" <jmaslak@updatesystems.com>, <freebsd-security@FreeBSD.ORG> Subject: Re: Switches & Security Message-ID: <000b01beeb48$84609f50$0286860a@tasam.com> References: <Pine.LNX.4.10.9908201358560.1547-100000@unix.updatesystems.com>
One solution for method 1 is to use static arp assignments in the router, and in both boxes.

> To compromise a network consisting of a switched backbone...
>
> Let's say there are two machines, A and B. Let's say there is a router,
> R.
>
> So:
>
> Internet ---- R ----+
>                     |
>              A -- SWITCH -- B
>
> Let's say B got compromised.
>
> What B has to do is send ARP broadcasts out, claiming that it is actually
> R. Now, it knows R's REAL ethernet address.
>
> If R is busy and doesn't notice this (can be done a lot of ways), A may
> change its ARP table. If R notices, it may log this problem, or even
> stop working.
>
> Thus, to send packets to the Internet, A ends up sending them to B's
> ethernet address (B thinks that is the ethernet address of R). B resends
> them (after logging them) to R's real ethernet address.
>
> --- That was method 1. ---
>
> There are MANY ways to invalidate the ARP cache of a switch. Some
> crash the switch.
>
> VLANs do *NOT* always protect you, either! VLANs, technically, are just
> broadcast domain separations and nothing more. Some switches prevent any
> packet from crossing VLAN boundaries. A lot of others, though, just
> prevent broadcast packets from crossing those boundaries. Thus, two
> machines can communicate through the VLAN boundary if they know each
> other's ethernet address.
>
> Sending out forged packets with the source ethernet address of another
> VLAN is a sure way to confuse most switches, BTW.
>
>
> Joel Maslak
> UPDATE Systems Inc.
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
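The static-ARP suggestion in this reply can also be applied on the detection side: if the router's MAC is pinned, any ARP reply that claims the router's IP with a different MAC is evidence of exactly the "method 1" scenario Joel describes, and the MAC in that reply usually identifies the impostor (host B in the diagram). The following is an added example written for this archive page; it is not code from either message in the thread. The sample ARP replies, the addresses (192.0.2.1 as R, .10 as A, .11 as B) and the pinned binding table are all constructed for illustration; the input format is tcpdump's ARP text output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample traffic in tcpdump's ARP text format (not from the
# original thread). 192.0.2.1 plays the router R, .10 is host A, .11 is host B.
# Lines 4 and 5 are B claiming R's IP address with its own MAC.
SAMPLE_ARP_LOG = """\
16:13:01.000001 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28
16:13:01.000002 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:0a, length 28
16:13:01.000003 ARP, Reply 192.0.2.11 is-at 00:00:5e:00:53:0b, length 28
16:13:02.000004 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:0b, length 28
16:13:02.000005 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:0b, length 28
16:13:03.000006 ARP, Reply 192.0.2.10 is-at 00:00:5e:00:53:0a, length 28
"""

# The bindings an operator pins on the hosts (FreeBSD: `arp -S <ip> <mac>`).
# Hypothetical values chosen to match the constructed sample above.
STATIC_BINDINGS: Dict[str, str] = {"192.0.2.1": "00:00:5e:00:53:01"}

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
)


@dataclass
class Alert:
    ts: str
    ip: str                     # IP address being claimed
    claimed_mac: str            # MAC carried in the suspicious reply
    expected_mac: str           # pinned or previously learned MAC for that IP
    kind: str                   # "static-binding-violation" or "mac-changed"
    suspect_ip: Optional[str]   # host that earlier used claimed_mac, if known


def detect_arp_spoofing(log_text: str, static_bindings: Dict[str, str]) -> List[Alert]:
    """Walk ARP replies in capture order and flag two conditions:
    a reply contradicting a pinned (static) binding, and an unpinned IP
    whose MAC changes between replies. Pinned entries are never relearned."""
    learned: Dict[str, str] = {ip: mac.lower() for ip, mac in static_bindings.items()}
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = ARP_REPLY_RE.match(line)
        if not m:
            continue
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        # Which other host was previously seen with this MAC? That is the likely impostor.
        suspect = next((k for k, v in learned.items() if v == mac and k != ip), None)
        if ip in static_bindings:
            if mac != learned[ip]:
                alerts.append(Alert(ts, ip, mac, learned[ip], "static-binding-violation", suspect))
            continue  # a static entry is never overwritten by traffic
        if ip in learned and learned[ip] != mac:
            alerts.append(Alert(ts, ip, mac, learned[ip], "mac-changed", suspect))
        learned[ip] = mac
    return alerts


if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE_ARP_LOG, STATIC_BINDINGS):
        print(f"{a.ts} {a.kind}: {a.ip} claimed by {a.claimed_mac} "
              f"(expected {a.expected_mac}, suspect {a.suspect_ip})")
```

Run against the sample, the two replies claiming 192.0.2.1 with B's MAC produce static-binding-violation alerts naming 192.0.2.11 as the suspect; the repeated, unchanged reply for .10 produces nothing. Feeding it real captures means piping `tcpdump -n -e arp` text (or the equivalent) into `detect_arp_spoofing`, with the pinned table taken from the same entries you set with `arp -S`.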