
    RE: DH-CHAP



    Excerpt of message (sent 15 April 2002) by Yongge Wang:
    > 
    > >> For most Switched environment, this attack is possible though for
    > >> some switched network (with some special intelligent configurations,
    > >> e.g., if the switch will not broadcast the traffic of initiator to the
    > >> attacker's side... however, this configuration is seldom used...
    > >> switch is not supposed to be as smart as a router in Internet),
    > >> this attack will not work.
    > >
    > >??? That's exactly what a switch does. If the ethernet packet is not an
    > >ethernet broadcast packet, and the switch knows which port the MAC is on
    > >(i.e. the MAC of the router), the packet will go out only the port for the
    > >MAC.
    > 
    > But the switch has to broadcast again on the outgoing port, right?
    > That port is not solely reserved for the target device. What I want
    > to clarify here is that: The target device is not generally the only device
    > on that Ethernet connected to the outgoing port of the switch.
    > All devices on that Ethernet could hear and play the attack.
    
    Gigabit Ethernet (and beyond) is full duplex.  Well, in theory there's
    half duplex GE; in practice that does not exist.
    
    So on every switch port there is by definition exactly ONE device.
    
    The case you're thinking about is meaningful for 10 Mb/s and 100 Mb/s
    Ethernet, at least for those cases where people mix hubs and
    switches.  Given the cost of switch ports, that's becoming less and
    less common even there.
    
         paul
    
    

    • References:
      • RE: DH-CHAP
        • From: Bill Studenmund <wrstuden@wasabisystems.com>
      • RE: DH-CHAP
        • From: "Yongge Wang" <ywang@karthika.com>


Last updated: Tue Apr 16 14:18:25 2002