[unisog] Strange things from our residence.
emetsger at jhu.edu
Thu Oct 24 06:22:42 GMT 2002
I agree with John. While it may be technically correct for a switch to
source frames with a broadcast address, it doesn't make sense, and
obviously has security ramifications. I encourage comments on the
switch vendor and OS version. Another sinister layer 2 attack may be a
host on a network participating in spanning tree...
John Kristoff wrote:
> On Tue, 22 Oct 2002 15:26:59 -0400
> Pete Hickey <pete at shadows.uottawa.ca> wrote:
>>source MAC address of FFFFFFFFFFFF.. A broadcast as the source.
>>Now, what the switch was doing (a bug IMO) was noting that this was
>>the MAC associated with that port. Then, all broadcasts were directed
> Care to comment on the vendor switch, the version of code and any
> interesting configuration that may affect its behavior? Your experience
> certainly doesn't sound like proper bridge address table behavior
> (perhaps technically legal, but certainly not sane).
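
The address-table behaviour discussed in this thread, as an added example that is not part of the original posts: a minimal learning bridge simulated in Python, once learning any source MAC (the behaviour reported) and once refusing group-address sources. The class, port numbers, host MACs and the drop-and-log policy are assumptions made for illustration, not any vendor's implementation.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def is_group_address(mac):
    """True when the I/G bit (lowest bit of the first octet) is set,
    i.e. the address is multicast or broadcast, never a single station."""
    return int(mac.split(":")[0], 16) & 0x01 == 1

class LearningBridge:
    """Toy transparent bridge (hypothetical, for illustration only)."""

    def __init__(self, ports, validate_source):
        self.ports = set(ports)
        self.validate_source = validate_source
        self.table = {}      # MAC -> port learned from source addresses
        self.dropped = []    # (port, src) pairs worth alerting on

    def receive(self, in_port, src, dst):
        """Process one frame; return the set of ports it is sent out of."""
        src, dst = src.lower(), dst.lower()
        if is_group_address(src) and self.validate_source:
            # Assumed policy: do not learn, drop, and record the port.
            self.dropped.append((in_port, src))
            return set()
        self.table[src] = in_port          # learning step
        out = self.table.get(dst)
        if out is None:                    # unknown or group dst: flood
            return self.ports - {in_port}
        return set() if out == in_port else {out}

def demo(validate_source):
    """Replay three constructed frames; return (ports reached by the
    final broadcast, bridge)."""
    br = LearningBridge([1, 2, 3, 4], validate_source)
    br.receive(1, "00:11:22:33:44:01", BROADCAST)   # ordinary host, port 1
    br.receive(3, BROADCAST, "00:11:22:33:44:01")   # bad source, port 3
    out = br.receive(2, "00:11:22:33:44:02", BROADCAST)
    return out, br

if __name__ == "__main__":
    for validate in (False, True):
        out, br = demo(validate)
        print("validate_source=%s: broadcast reaches ports %s, dropped=%s"
              % (validate, sorted(out), br.dropped))
```

Without the check the broadcast address becomes a table entry for port 3, so later broadcasts stop being flooded; with it, the table stays clean and the offending port is recorded.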