* Switch packet leakage
From: Mohamed Eldesoky @ 2005-03-27 11:23 UTC
To: netfilter

I heard that switches are not 100% perfect.
I mean sometimes it leaks packages to different ports, and you can
see packets not destined to you. Much like a hub.
Have you experienced that before ??

--
Mohamed Eldesoky
www.eldesoky.net

* Re: OT: Switch packet leakage
From: Jason Opperisano @ 2005-03-27 17:21 UTC
To: netfilter

On Sun, 2005-03-27 at 06:23, Mohamed Eldesoky wrote:
> I heard that switches are not 100% perfect.
> I mean sometimes it leaks packages to different ports, and you can
> see packets not destined to you. Much like a hub.
> Have you experienced that before ??

http://ettercap.sourceforge.net/

-j

--
"'Wet Cement' - is there any sweeter sign? Maybe 'High Voltage.'"
	--The Simpsons

* Re: OT: Switch packet leakage
From: Cedric Blancher @ 2005-03-27 19:24 UTC
To: Jason Opperisano; +Cc: netfilter

On Sunday 27 March 2005 at 12:21 -0500, Jason Opperisano wrote:
> http://ettercap.sourceforge.net/

Imho, ARP cache poisoning attacks are nothing related with potential
switch leakage.

For the OP, I could experience leakage on old switches that turned to
"hub mode" when flooded, but nowadays, serious products don't seem to
have this kind of behaviour. Furthermore, you have plenty of options to
tweak so they can't hit such situation, such as port security stuff.

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!

* Re: OT: Switch packet leakage
From: Mohamed Eldesoky @ 2005-03-28 11:34 UTC
To: Cedric Blancher, netfilter

I faced that problem with many switches from cisco, foundry, 3com !!!
The last switch I have tested was catalyst 3650 !!!
It is not a bad switch, I guess !!!

On Sun, 27 Mar 2005 21:24:20 +0200, Cedric Blancher
<blancher@cartel-securite.fr> wrote:
> On Sunday 27 March 2005 at 12:21 -0500, Jason Opperisano wrote:
> > http://ettercap.sourceforge.net/
>
> Imho, ARP cache poisoning attacks are nothing related with potential
> switch leakage.
>
> For the OP, I could experience leakage on old switches that turned to
> "hub mode" when flooded, but nowadays, serious products don't seem to
> have this kind of behaviour. Furthermore, you have plenty of options to
> tweak so they can't hit such situation, such as port security stuff.
>
> --
> http://sid.rstack.org/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
>
>

--
Mohamed Eldesoky
www.eldesoky.net
RHCE

* Re: OT: Switch packet leakage
From: R. DuFresne @ 2005-03-28 11:42 UTC
To: Mohamed Eldesoky; +Cc: netfilter, Cedric Blancher

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 28 Mar 2005, Mohamed Eldesoky wrote:

> I faced that problem with many switches from cisco, foundry, 3com !!!
> The last switch I have tested was catalyst 3650 !!!
> It is not a bad switch, I guess !!!
>

Examples, can they be provided?

Thanks,

Ron DuFresne
- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCR+2cst+vzJSwZikRAlYFAJ9bmH/NKDTpnF9BvYITCNSekXLzfgCfZX8m
d/FexS62VxsbQQUb9/2hiGc=
=obvf
-----END PGP SIGNATURE-----

* Re: OT: Switch packet leakage
From: Mohamed Eldesoky @ 2005-03-29 14:31 UTC
To: R. DuFresne, netfilter

Examples of what ??
You mean packet captures ??
No need to provide it, since the source and destinations of those
packets, are not the machine from where I do sniffing, and it is not
the gateway, and these are not broadcasts, but TCP connections.

On Mon, 28 Mar 2005 06:42:16 -0500 (EST), R. DuFresne
<dufresne@sysinfo.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, 28 Mar 2005, Mohamed Eldesoky wrote:
>
> > I faced that problem with many switches from cisco, foundry, 3com !!!
> > The last switch I have tested was catalyst 3650 !!!
> > It is not a bad switch, I guess !!!
> >
>
> Examples, can they be provided?
>
> Thanks,
>
> Ron DuFresne
> - --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> admin & senior security consultant: sysinfo.com
> http://sysinfo.com
>
> ...Love is the ultimate outlaw. It just won't adhere to rules.
> The most any of us can do is sign on as it's accomplice. Instead
> of vowing to honor and obey, maybe we should swear to aid and abet.
> That would mean that security is out of the question. The words
> "make" and "stay" become inappropriate. My love for you has no
> strings attached. I love you for free...
> -Tom Robins <Still Life With Woodpecker>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.4 (GNU/Linux)
>
> iD8DBQFCR+2cst+vzJSwZikRAlYFAJ9bmH/NKDTpnF9BvYITCNSekXLzfgCfZX8m
> d/FexS62VxsbQQUb9/2hiGc=
> =obvf
> -----END PGP SIGNATURE-----
>

--
Mohamed Eldesoky
www.eldesoky.net

* Re: OT: Switch packet leakage
From: R. DuFresne @ 2005-03-29 17:37 UTC
To: Mohamed Eldesoky; +Cc: netfilter

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 29 Mar 2005, Mohamed Eldesoky wrote:

> Examples of what ??
> You mean packet captures ??
> No need to provide it, since the source and destinations of those
> packets, are not the machine from where I do sniffing, and it is not
> the gateway, and these are not broadcasts, but TCP connections.
>

Examples of exactly what kind of packet leakage you experienced on which
vendors' switches running what specific switch software. Packet traces
would be nice, but are not required. You made the statement you commonly
ran into these issues on various vendors' products, I'm merely asking that
you share specifics of the information you claim.

Thanks,

Ron DuFresne

> On Mon, 28 Mar 2005 06:42:16 -0500 (EST), R. DuFresne
> <dufresne@sysinfo.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Mon, 28 Mar 2005, Mohamed Eldesoky wrote:
>>
>>> I faced that problem with many switches from cisco, foundry, 3com !!!
>>> The last switch I have tested was catalyst 3650 !!!
>>> It is not a bad switch, I guess !!!
>>>
>>
>> Examples, can they be provided?
>>
>> Thanks,
>>
>> Ron DuFresne
>> - --
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> admin & senior security consultant: sysinfo.com
>> http://sysinfo.com
>>
>> ...Love is the ultimate outlaw. It just won't adhere to rules.
>> The most any of us can do is sign on as it's accomplice. Instead
>> of vowing to honor and obey, maybe we should swear to aid and abet.
>> That would mean that security is out of the question. The words
>> "make" and "stay" become inappropriate. My love for you has no
>> strings attached. I love you for free...
>> -Tom Robins <Still Life With Woodpecker>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.2.4 (GNU/Linux)
>>
>> iD8DBQFCR+2cst+vzJSwZikRAlYFAJ9bmH/NKDTpnF9BvYITCNSekXLzfgCfZX8m
>> d/FexS62VxsbQQUb9/2hiGc=
>> =obvf
>> -----END PGP SIGNATURE-----
>>
>
>
> --
> Mohamed Eldesoky
> www.eldesoky.net
>

- --
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

...Love is the ultimate outlaw. It just won't adhere to rules.
The most any of us can do is sign on as it's accomplice. Instead
of vowing to honor and obey, maybe we should swear to aid and abet.
That would mean that security is out of the question. The words
"make" and "stay" become inappropriate. My love for you has no
strings attached. I love you for free...
-Tom Robins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCSZJest+vzJSwZikRAjpKAKDQYlKAsExY3mCuSLnOcul94Yi2jACgynJZ
cotDVf79FOS8detCKmEz6mg=
=IQUw
-----END PGP SIGNATURE-----

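Added example, not part of the thread or any poster's code: one way to turn the observation discussed above (TCP frames that are not broadcasts and are not addressed to the sniffing host) into per-category counts and a list of flows that can be reported alongside the switch model and software version. The function names, MAC addresses, IP addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

def build_frame(dst, src, ip_src, ip_dst, sport, dport, proto=6):
    """Constructed sample data: minimal Ethernet + IPv4 + 20-byte L4 stub."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes(ip_src), bytes(ip_dst))
    return dst + src + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16

def classify(frame, own_mac):
    """Return (category, tcp_flow_or_None) for one captured Ethernet frame."""
    if len(frame) < 14:
        return "truncated", None
    dst, ethertype, off = frame[0:6], frame[12:14], 14
    if dst == b"\xff" * 6:
        return "broadcast", None
    if dst[0] & 0x01:                      # group bit: multicast, flooding is normal
        return "multicast", None
    if dst == own_mac:
        return "mine", None
    if ethertype == b"\x81\x00" and len(frame) >= 18:   # skip one 802.1Q tag
        ethertype, off = frame[16:18], 18
    if ethertype != b"\x08\x00" or len(frame) < off + 20:
        return "foreign-unicast-other", None
    ihl = (frame[off] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[off + 9] != 6 or ihl < 20 or len(frame) < off + ihl + 4:
        return "foreign-unicast-other", None
    src_ip = ".".join(map(str, frame[off + 12:off + 16]))
    dst_ip = ".".join(map(str, frame[off + 16:off + 20]))
    sport, dport = struct.unpack("!HH", frame[off + ihl:off + ihl + 4])
    return "foreign-unicast-tcp", (src_ip, sport, dst_ip, dport)

def summarize(frames, own_mac):
    """Count frames per category and per foreign TCP flow."""
    counts, flows = Counter(), Counter()
    for frame in frames:
        category, flow = classify(frame, own_mac)
        counts[category] += 1
        if flow:
            flows[flow] += 1
    return counts, flows

# Constructed sample capture; in practice feed frames read from a capture file.
OWN, A, B = (bytes.fromhex("02000000000%d" % i) for i in (1, 2, 3))
SAMPLE = [
    build_frame(OWN, A, (192, 0, 2, 10), (192, 0, 2, 1), 40000, 22),
    build_frame(b"\xff" * 6, A, (192, 0, 2, 10), (192, 0, 2, 255), 137, 137, proto=17),
    build_frame(bytes.fromhex("01005e000001"), A, (192, 0, 2, 10), (224, 0, 0, 1), 0, 0, proto=2),
] + [build_frame(B, A, (192, 0, 2, 10), (192, 0, 2, 20), 40001, 80)] * 2
```

The capture interface has to be in promiscuous mode for foreign unicast frames to reach the classifier at all. A non-zero `foreign-unicast-tcp` count shows only that such frames arrived on this port, not why the switch forwarded them.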