Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 28 May 2001 02:05:35 -0700
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Mike Meredith" <hmv@meredithm.fsnet.co.uk>, <questions@FreeBSD.ORG>
Subject:   RE: security question
Message-ID:  <003a01c0e755$5b2ebd00$1401a8c0@tedm.placo.com>
In-Reply-To: <0105280941350A.00298@warlock.hmv.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
If you have a good switch you can install MAC
address filters that will block this.  These tools
work by overflowing the switch's MAC address tables and
thus make them start acting like dumb hubs.  But, a
really good switch (not the $1.99 5 porters from
Fry's) can let you install a filter that will shut
down this nonsense, or at least alert you when someone's
trying it.

It ought to be mentioned that on a very busy and large
switch with several hundred ports (like a slotted hub)
if you screw with these tools the network will run dog slow - someone is
gonna notice.


Ted Mittelstaedt                      tedm@toybox.placo.com
Author of:          The FreeBSD Corporate Networker's Guide
Book website:         http://www.freebsd-corp-net-guide.com


>-----Original Message-----
>From: owner-freebsd-questions@FreeBSD.ORG
>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Mike Meredith
>Sent: Monday, May 28, 2001 1:42 AM
>To: questions@FreeBSD.ORG
>Subject: Re: security question
>
>
>> Basically, I set up three temporary machines (or set up a temp login
>> on one machine) We assume that I've cracked machine "A" and you then
>> log in to machine "B" via telnet from machine "C". I then show you
>> that I've sniffed your password and can now log into machine "B". To
>> increase the shock value, I can have you su to root via telnet, which
>> then gives me root access to machine "B".
>> (p.s. don't try this particular demo if you're running a switch
>> because it won't work.)
>
>I might be repeating the obvious here, but a switched environment
>doesn't protect totally against sniffing. It just makes it slightly
>more difficult. Look for a utility called 'dsniff', and there are other
>tools to do the same job.
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?003a01c0e755$5b2ebd00$1401a8c0>