Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: about CAM table overflow attack?

from [David Gillett] Network Security [Permanent Link]
Subject: RE: about CAM table overflow attack?
Date: Mon, 24 Apr 2006 10:19:36 -0700 
  The switch has a separate CAM table for every VLAN.  Whether the filling
of the CAM 
table for one VLAN affects just that VLAN, or the entire switch, will
depend on how those
tables are allocated, and will vary from manufacturer to manufacturer, and
perhaps from
model to model and code release to code release.

  However:  The attacker's port is usually a member of a specific VLAN, and
a working
switch will only deliver traffic to that port if it's within that VLAN.
  Also, there will be traffic on that VLAN that the attacker does not see
*unless* he
overflows the CAM tables for that VLAN on every switch in the network.

David Gillett



-----Original Message-----
From: Monty Ree [mailto:chulmin2@hotmail.com] 
Sent: Tuesday, April 18, 2006 4:23 AM
To: security-basics@securityfocus.com
Subject: about CAM table overflow attack?

Hello, all.

I have read some documents about CAM table overflow(or mac 
flooding, switch
jam) attack.
I have some questions about this.

If some attacker executes macof for sometime, so CAM tables 
would be overflowed.

1. then attacker can see other traffic only which in a same VLAN? 

2. or attacker can see all traffic(over vlan) which switch 
services, like dummy hub?


Thanks in advance.

_________________________________________________________________
확인하자. 오늘의 운세 무료 사주, 궁합, 작명, 전생 가이드   
http://www.msn.co.kr/fortune/default.asp  


--------------------------------------------------------------
-----------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records 
un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------
------------




-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: Mac Forensics, anonymous
Next by Date:  SF new column announcement: Forensic felonies, Kelly Martin
Previous by Thread:  RE: about CAM table overflow attack?, Network Security
Next by Thread:  Re: about CAM table overflow attack?, inoutsec
Indexes:  [Date] [Thread] [Top] [All Lists]