RE: DH-CHAP

[Bill Studenmund <wrstuden@wasabisystems.com>]

On Sun, 14 Apr 2002, Yongge Wang wrote:

>
>
> >In your example, is this attack only possible in a HUBed environment?
> >Would it still be as easy in a Switched only environment?
>
> John,
> For most Switched environment, this attack is possible though for
> some switched network (with some special intelligent conficurations,
> e.g., if the switch will not broadcast the traffic of initiator to the
> attackers's side... however, this configuration is seldom used...
> switch is not supposed to be as smart as a router in Internet),
> this attack will not work.

??? That's exactly what a switch does. If the ethernet packet is not an
ethernet broadcast packet, and the switch knows which port the MAC is on
(i.e. the MAC of the router), the packet will go out only the port for the
MAC.

While there is an attack mode which puts switches into hub mode (you send
way too many new MAC addresses), it is a very noticable DoS attack.

> The only requirement for the attack to work is that the
> attacker's network card could "see" the request from the initiator.
> For most networks, the attacker could see this due to the low-level
> broadcast property of Ethernet.

See above; with a switch, the broadcast-everything property goes away.
That's the point of a switch.

Take care,

Bill