RE: unswitched behavior of a switched network...

From: Erin Carroll (amoeba@amoebazone.com)
Date: Tue Oct 17 2006 - 16:16:03 EDT


All,

I've let the last few posts on this subject today go through (you'll be
seeing them hit your inbox shortly) but unless this steers back toward a
pen-test focused discussion I'll reject further posts. The topic is
interesting and has covered a lot of routing concepts and aspects but this
is a pen-testing list and not Cisco support :)

Thanks,

--
Erin Carroll
Moderator
SecurityFocus pen-test list
"Do Not Taunt Happy-Fun Ball"

> -----Original Message-----
> From: listbounce@securityfocus.com
> [mailto:listbounce@securityfocus.com] On Behalf Of Jon Hart
> Sent: Monday, October 16, 2006 2:54 PM
> To: Buz Dale
> Cc: Krugger; pen-test@securityfocus.com
> Subject: Re: unswitched behavior of a switched network...
> 
> On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:
> > I can think of a couple of possibilities.  1) This is
> > broadcast/multicast traffic. 2) The mac addresses are unknown to the
> > switch (So it will flood to find them.) 3) The port could be a trunk
> > or a mirror of a trunk.
> 
> I am also seeing normal broadcast/multicast traffic, but that is to be
> expected.  #3 is not the case here.
> 
> As for #2, that's kinda where I was going with my original question --
> why would a switch that is processing a session between two endpoints
> suddenly forget the MAC? Yes, there are timeouts in play here, but
> aren't those along the lines of several minutes?
> 
> Thanks,
> 
> -jon
> 


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT