From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mohamed Eldesoky Subject: Re: OT: Switch packet leakage Date: Mon, 28 Mar 2005 13:34:30 +0200 Message-ID: <1403218a05032803345ddd21ed@mail.gmail.com> References: <1403218a05032703237431b6a4@mail.gmail.com> <1111944083.4316.3.camel@hubcap.ljm.dom> <1111951460.5199.7.camel@anduril.intranet.cartel-securite.net> Reply-To: Mohamed Eldesoky Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Return-path: In-Reply-To: <1111951460.5199.7.camel@anduril.intranet.cartel-securite.net> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="iso-8859-1" To: Cedric Blancher , netfilter I faced that problem with many switches from cisco, foundry, 3com !!! The last switch I have tested was catalyst 3650 !!! It is not a bad switch, I guess !!! On Sun, 27 Mar 2005 21:24:20 +0200, Cedric Blancher wrote: > Le dimanche 27 mars 2005 =E0 12:21 -0500, Jason Opperisano a =E9crit : > > http://ettercap.sourceforge.net/ >=20 > Imho, ARP cache poisoning attacks are nothing related with potential > switch leakage. >=20 > For the OP, I could experience leakage on old switches that turned to > "hub mode" when flooded, but nowadays, serious products don't seem to > have this kind of behaviour. Furthermore, you have plenty of options to > tweak so they can't hit such situation, such as port security stuff. >=20 > -- > http://sid.rstack.org/ > PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE > >> Hi! I'm your friendly neighbourhood signature virus. > >> Copy me to your signature file and help me spread! >=20 >=20 --=20 Mohamed Eldesoky www.eldesoky.net RHCE