Re: Testing Hubs and Switches

Le mer 11/12/2002 à 10:02, Julian Young a écrit :
> Some time back, i guess it was last summer, somebody was asking for

Project seem to be stalled :

        http://www.alaricsecurity.com/ssp.html

It was an interesting idea, but the only submission is about ARP cache poisoning, and we all know switches are vulnerable to this, just because of their design.

> Further is any one knows of any testing tools / techniques i would also

Taranis will be a good start :

        http://www.bitland.net/taranis/

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Taranis relies on MAC spoofing to redirect network traffic.

You can also have a look at dsniff package :

        http://monkey.org/~dugsong/dsniff/

It comes with macof tool that perform CAM table flooding. A switch can fall into repeater mode for some MAC when CAM table is full.

If you want a complete view of switches attacks, have a look at Sean Convery presentation at Black Hat USA 2002 you can find here :

        http://opensores.thebunker.net/pub/mirrors/blackhat/presentations/bh-usa-02/

You'll find layer 2 attacks such MAC attacks, ARP attacks, protocols attacks (CDP, DTP, VTP), VLAN hopping and others.

-- 
Cédric Blancher  
Consultant en sécurité des systèmes et réseaux  - Cartel Sécurité
Tél: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE  FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/