[unisog] Strange things from our residence.

Elliot Metsger emetsger at jhu.edu
Thu Oct 24 06:22:42 GMT 2002

I agree with John.  While it may be technically correct for a switch to 
source frames with a broadcast address, it doesn't make sense, and 
obviously has security ramifications.  I encourage comments on the 
switch vendor and OS version.  Another sinister layer 2 attack may be a 
host on a network participating in spanning tree...


John Kristoff wrote:
> On Tue, 22 Oct 2002 15:26:59 -0400
> Pete Hickey <pete at shadows.uottawa.ca> wrote:
>>source MAC address of FFFFFFFFFFFF..  A broadcast as the asource.
>>NOw, what the switch was doing (a bug IMO) was noting that this was
>>the MAC associated with that port.  Then, all broadcasts were directed

> Care to comment on the vendor switch, the version of code and any
> interesting configuration that may affect its behavior?  Your experience
> certainly doesn't sound like proper bridge address table behavior
> (perhaps technical legal, but certainly not sane).
> John

More information about the unisog mailing list