
    RE: DH-CHAP



    On Sun, 14 Apr 2002, Yongge Wang wrote:
    
    > >In your example, is this attack only possible in a HUBed environment?
    > >Would it still be as easy in a Switched only environment?
    >
    > John,
    > For most switched environments, this attack is possible, though for
    > some switched networks (with some special intelligent configurations,
    > e.g., if the switch will not broadcast the traffic of the initiator to the
    > attacker's side... however, this configuration is seldom used...
    > a switch is not supposed to be as smart as a router in the Internet),
    > this attack will not work.
    
    ??? That's exactly what a switch does. If the ethernet packet is not an
    ethernet broadcast packet, and the switch knows which port the MAC is on
    (i.e. the MAC of the router), the packet will go out only the port for the
    MAC.
    
    While there is an attack mode which puts switches into hub mode (you send
    way too many new MAC addresses), it is a very noticeable DoS attack.
    
    > The only requirement for the attack to work is that the
    > attacker's network card could "see" the request from the initiator.
    > For most networks, the attacker could see this due to the low-level
    > broadcast property of Ethernet.
    
    See above; with a switch, the broadcast-everything property goes away.
    That's the point of a switch.
    
    Take care,
    
    Bill
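The forwarding rule Bill describes (unicast leaves only the learned port, broadcast and unknown destinations are flooded) and the reason the hub-mode DoS is noticeable (a burst of never-seen source MACs on one port) can be shown with a small simulation. The code below is an added example written for this archive page; it is not from the thread, the IPS list or any switch vendor. The `LearningSwitch` class, its tiny four-entry CAM table, the `NewMacDetector` thresholds, the port numbers and the `02:...` MAC addresses are all constructed assumptions for the demo.

```python
from collections import OrderedDict, defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MAC addresses for the three stations in the thread's scenario.
INITIATOR = "02:00:00:00:00:01"   # attached to port 1
ROUTER = "02:00:00:00:00:02"      # attached to port 2
ATTACKER_PORT = 3                 # the "attacker's side" of the switch


class LearningSwitch:
    """Toy learning switch. A unicast frame leaves only the port where the
    destination MAC was learned; broadcast or unknown-destination frames are
    flooded to every other port. The CAM table has a small fixed capacity
    (an assumption for the demo) and evicts the least recently learned entry."""

    def __init__(self, ports, cam_size=4):
        self.ports = list(ports)
        self.cam_size = cam_size
        self.cam = OrderedDict()          # mac -> port

    def _learn(self, mac, port):
        if mac in self.cam:
            self.cam.move_to_end(mac)
        self.cam[mac] = port
        while len(self.cam) > self.cam_size:
            self.cam.popitem(last=False)  # evict the oldest entry

    def forward(self, in_port, src, dst):
        """Return the egress ports for a frame (src -> dst) received on in_port."""
        self._learn(src, in_port)
        if dst != BROADCAST and dst in self.cam:
            out = self.cam[dst]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]


class NewMacDetector:
    """Flags a port that introduces more than `threshold` never-before-seen
    source MACs within `window` seconds: that burst of new addresses is what
    makes the hub-mode DoS mentioned in the thread easy to spot."""

    def __init__(self, threshold=5, window=10.0):
        self.threshold = threshold
        self.window = window
        self.seen = set()
        self.recent = defaultdict(deque)  # port -> timestamps of new MACs

    def observe(self, port, src, ts):
        if src in self.seen:
            return False
        self.seen.add(src)
        q = self.recent[port]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.threshold


def run_demo():
    sw = LearningSwitch(ports=[1, 2, ATTACKER_PORT])
    det = NewMacDetector(threshold=5, window=10.0)
    result = {}

    # Normal exchange: the initiator's first broadcast reaches every port, but
    # once both stations are learned, their unicast frames never reach port 3.
    result["broadcast"] = sw.forward(1, INITIATOR, BROADCAST)
    det.observe(1, INITIATOR, ts=0.0)
    result["reply"] = sw.forward(2, ROUTER, INITIATOR)
    det.observe(2, ROUTER, ts=0.5)
    result["unicast"] = sw.forward(1, INITIATOR, ROUTER)

    # Table overflow: a stream of unseen source MACs on port 3 pushes the
    # router's entry out of the CAM table, so the next initiator->router
    # frame is flooded and port 3 sees it. The detector fires long before.
    alerts = 0
    for i in range(20):
        bogus = "02:ff:00:00:00:%02x" % i   # constructed, never-seen source MAC
        sw.forward(ATTACKER_PORT, bogus, BROADCAST)
        if det.observe(ATTACKER_PORT, bogus, ts=1.0 + i):
            alerts += 1
    result["after_overflow"] = sw.forward(1, INITIATOR, ROUTER)
    result["alerts"] = alerts
    return result


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

Running it prints the egress ports for each step: the broadcast goes to ports 2 and 3, the router's reply and the initiator's unicast each go to a single port, and only after the CAM table has been overrun does the initiator-to-router frame get flooded to port 3 again. The detector raises on port 3 from the sixth new MAC inside the window onward, which is the "very noticeable" signal a switch or monitoring system can act on (port security limits on learned MACs per port are the usual mitigation).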
    
    
