Date: Mon, 28 May 2001 02:05:35 -0700 From: "Ted Mittelstaedt" <tedm@toybox.placo.com> To: "Mike Meredith" <hmv@meredithm.fsnet.co.uk>, <questions@FreeBSD.ORG> Subject: RE: security question Message-ID: <003a01c0e755$5b2ebd00$1401a8c0@tedm.placo.com> In-Reply-To: <0105280941350A.00298@warlock.hmv.net>
next in thread | previous in thread | raw e-mail | index | archive | help
If you have a good switch you can install MAC address filters that will block this. These tools work by overflowing the switch's MAC address tables and thus make them start acting like dumb hubs. But, a really good switch (not the $1.99 5 porters from Fry's) can let you install a filter that will shut down this nonsense, or at least alert you when someone's trying it. It ought to be mentioned that on a very busy and large switch with several hundred ports (like a slotted hub) if you screw with these tools the network will run dog slow - someone is gonna notice. Ted Mittelstaedt tedm@toybox.placo.com Author of: The FreeBSD Corporate Networker's Guide Book website: http://www.freebsd-corp-net-guide.com >-----Original Message----- >From: owner-freebsd-questions@FreeBSD.ORG >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mike Meredith >Sent: Monday, May 28, 2001 1:42 AM >To: questions@FreeBSD.ORG >Subject: Re: security question > > >> Basically, I set up three temporary machines (or set up a temp login >> on one machine) We assume that I've cracked machine "A" and you then >> log in to machine "B" via telnet from machine "C". I then show you >> that I've sniffed your password and can now log into machine "B". To >> increase the shock value, I can have you su to root via telnet, which >> then gives me root access to machine "B". >> (p.s. don't try this particular demo if you're running a switch >> because it won't work.) > >I might be repeating the obvious here, but a switched environment >doesn't protect totally against sniffing. It just makes it slightly >more difficult. Look for a utility called 'dsniff', and there are other >tools to do the same job. > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003a01c0e755$5b2ebd00$1401a8c0>