RE: DH-CHAP

To: Yongge Wang <ywang@karthika.com>
Subject: RE: DH-CHAP
From: Bill Studenmund <wrstuden@wasabisystems.com>
Date: Mon, 15 Apr 2002 10:51:44 -0700 (PDT)
Cc: <ips@ece.cmu.edu>
Content-Type: TEXT/PLAIN; charset=US-ASCII
In-Reply-To: <FOEDIAMMNNAJCNDKPAAPIEFACAAA.ywang@karthika.com>
Sender: owner-ips@ece.cmu.edu

On Mon, 15 Apr 2002, Yongge Wang wrote:

> >??? That's exactly what a switch does. If the ethernet packet is not an
> >ethernet broadcast packet, and the switch knows which port the MAC is on
> >(i.e. the MAC of the router), the packet will go out only the port for the
> >MAC.
>
> But the switch has to broadcast again on the outgoing port, right?
> That port is not solely reserved for the target device. What I want
> to clarify here is that: The target device is not generally the only device
> on that Ethernet connected to the outgoing port of the switch.
> All devices on that Ethernet could hear and play the attack.

All of the environments I've been in where switches have been used, the
devices on the outgoing port are other switches. All the way to the target
device.

Yes, we shouldn't depend on that to the point of using cleartext
passwords. But in a switched environment, I do not think this attack is
easy to pull off.

Take care,

Bill

References:
- RE: DH-CHAP
  - From: "Yongge Wang" <ywang@karthika.com>

Prev by Date: RE: DH-CHAP
Next by Date: Re: DH-CHAP
Prev by thread: RE: DH-CHAP
Next by thread: Re: DH-CHAP
Index(es):
- Date
- Thread

Home

Last updated: Mon Apr 15 15:18:22 2002
9679 messages in chronological order