Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: unswitched behavior of a switched network...

from [Michael Scheidell] Network Security [Permanent Link]
Subject: RE: unswitched behavior of a switched network...
Date: Sat, 14 Oct 2006 07:52:27 -0400 


-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of Jon Hart
Sent: Friday, October 13, 2006 12:32 PM
To: pen-test@securityfocus.com
Subject: unswitched behavior of a switched network...

My question is, has anyone seen a situation where the same 
broadcast behavior occurs, but the CAM table itself is not 
overloaded and there is no good reason for entries to be 
expiring?  Furthermore, even if the entries were expired, has 
anyone encountered situations (malicious or otherwise), where 
a given port will receive traffic outside of its own L2?


Broadcasts are, well, broadcasts.  They have to broadcast.  All
broadcasts are passed to all ports.

In fact, you will always see broadcasts, ipx, multicast, vrrp, CDP and
other type messages on all ports.

Also, is it a Cisco? Or some other box? Some 'switches' are just cheap
hubs (ok, expensive hubs) and if you have some 10mb and some 100mb
traffic, it can act as a hub.

-- 
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
 

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to exploit gain root of OpenSSL?, Manuel Arostegui Ramirez
Next by Date:  Re: unswitched behavior of a switched network..., Krugger
Previous by Thread:  Re: unswitched behavior of a switched network..., Nicob
Next by Thread:  Re: unswitched behavior of a switched network..., Jon Hart
Indexes:  [Date] [Thread] [Top] [All Lists]