Pantek Library

Re: Network Configuration Question?

From: netsec novice <netsec9(at)hotmail.com>
Date: Tue Nov 05 2002 - 11:14:18 EST


I recently saw similar behaviour running tcpdump on my workstation that is attached to a Cisco Catalyst switch. I would be interested to find any answers myself.

>From: "Ian Lyte" <ilyte@alias666.freeserve.co.uk>
>To: <security-basics@securityfocus.com>
>Subject: Network Configuration Question?
>Date: Mon, 4 Nov 2002 16:58:37 -0000
>
>Hi All,
>
> On a corporate machine, I was having trouble removing the TinyBar
>scrote-ware that had installed itself surreptitiously onto my machine. As
>part of the process of tracking down how it was running, I downloaded a
>small packet sniffer and ran it so I could attempt to trace the outgoing
>target address of the pop-up window.
>
> We are on a 100mbs switched network (I believe switched but ..).
>
> Now imagine my surprise when I could pick up traffic from around 6 other
>machines, including HTTP, POP, SMTP and all the associated passwords.
>
> Some of the machines were geographically close to me in the office but
>not all. How could this happen on a switched network - has one of the
>switches fallen over into broadcast mode or something? If so how do I go
>about determining (remotely) why/how it has fallen over, who else is on the
>segment, and what other avenues do I have to explore?
>
> Thanks in advance
>
>Ian



Received on Tue Nov 5 14:12:20 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:19 EDT

