Re: unswitched behavior of a switched network...

From: David C. Smith (dcs44@georgetown.edu)
Date: Tue Oct 17 2006 - 20:24:27 EDT


Usually a lurker - try looking for macof for CAM overflow attacks and
think basic traffic flooding.

Found this as a pretty good start...
http://www.ciscopress.com/content/images/1587201534/samplechapter/1587201534content.pdf

-Dave

Erin Carroll wrote:
> All,
>
> I've let the last few posts on this subject today go through (you'll be
> seeing them hit your inbox shortly) but unless this steers back toward a
> pen-test focused discussion I'll reject further posts. The topic is
> interesting and has covered a lot of routing concepts and aspects but this
> is a pen-testing list and not Cisco support :)
>
> Thanks,
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball"
>
>
>
>> -----Original Message-----
>> From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com] On Behalf Of Jon Hart
>> Sent: Monday, October 16, 2006 2:54 PM
>> To: Buz Dale
>> Cc: Krugger; pen-test@securityfocus.com
>> Subject: Re: unswitched behavior of a switched network...
>>
>> On Mon, Oct 16, 2006 at 03:55:43PM -0400, Buz Dale wrote:
>>
>>> I can think of a couple of possibilities. 1) This is
>>> broadcast/multicast traffic. 2) The MAC addresses are unknown to the
>>> switch (So it will flood to find them.) 3) The port could be a trunk
>>> or a mirror of a trunk.
>>>
>> I am also seeing normal broadcast/multicast traffic, but that is to be
>> expected. #3 is not the case here.
>>
>> As for #2, that's kinda where I was going with my original question --
>> why would a switch that is processing a session between two endpoints
>> suddenly forget the MAC? Yes, there are timeouts in play here, but
>> aren't those along the lines of several minutes?
>>
>> Thanks,
>>
>> -jon
>>
>> ------------------------------------------------------------------------
>> This List Sponsored by: Cenzic
>>
>> Need to secure your web apps?
>> Cenzic Hailstorm finds vulnerabilities fast.
>> Click the link to buy it, try it or download Hailstorm for FREE.
>> http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
>> ------------------------------------------------------------------------
>>
>
>
>
>
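
An added example, not part of any poster's message: a small triage script for frames captured on a switch port. It sorts them into the cases listed in the thread (broadcast, multicast, unicast flooded because the switch has no CAM entry or the port is a mirror/trunk) and flags time windows with an unusually large number of distinct source MACs, the symptom of the CAM overflow mentioned above. The host MAC, the one-second window, the threshold of 100 and the sample frames are assumptions constructed for illustration.

```python
from collections import defaultdict

OWN_MAC = "00:11:22:33:44:55"  # constructed: MAC of the capturing host

def classify(dst, own_mac=OWN_MAC):
    """Bucket a frame by destination MAC, following the cases in the thread."""
    dst = dst.lower()
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst.split(":")[0], 16) & 0x01:  # I/G bit set: group (multicast) address
        return "multicast"
    if dst == own_mac.lower():
        return "to-self"
    # Unicast for another host: the switch flooded it (no CAM entry),
    # or this port is a mirror/trunk.
    return "flooded-unicast"

def summarize(frames, own_mac=OWN_MAC, window=1.0, src_threshold=100):
    """frames: iterable of (timestamp, src_mac, dst_mac).
    Returns (frame count per class, start times of windows in which
    at least src_threshold distinct source MACs were seen)."""
    counts = defaultdict(int)
    srcs = defaultdict(set)
    for ts, src, dst in frames:
        counts[classify(dst, own_mac)] += 1
        srcs[int(ts // window)].add(src.lower())
    bursts = sorted(w * window for w, s in srcs.items() if len(s) >= src_threshold)
    return dict(counts), bursts

# Constructed sample capture: (seconds, source MAC, destination MAC)
SAMPLE = [
    (0.10, "00:aa:bb:cc:dd:01", "ff:ff:ff:ff:ff:ff"),
    (0.20, "00:aa:bb:cc:dd:02", "01:00:5e:00:00:fb"),
    (0.30, "00:aa:bb:cc:dd:03", "00:11:22:33:44:55"),
    (0.40, "00:aa:bb:cc:dd:03", "00:aa:bb:cc:dd:04"),
    (0.45, "00:aa:bb:cc:dd:04", "00:aa:bb:cc:dd:03"),
]

if __name__ == "__main__":
    counts, bursts = summarize(SAMPLE)
    print("frames per class:", counts)
    print("source-MAC burst windows:", bursts)
```

A steady "flooded-unicast" count with no burst windows points at CAM aging or a mirror port; burst windows point at table exhaustion, which port security limits on the switch are meant to prevent.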




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT