[unisog] Network security police no hubs/switches/routers?

Michael Holstein michael.holstein at csuohio.edu
Tue May 24 16:54:14 GMT 2005


> Well yeah, but flooding out the CAM table on a managed switch usually
> triggers some sort of alarm or log message.  Which is why I used the words
> that I did.

That's the noisy and "shotgun" approach. I'm talking about spoofing an 
ARP-Reply to a specific host with the IP of the gateway and your MAC [a 
la 'dsniff']. This, in conjunction with a user-space router application, 
can sniff all the traffic from one (or more) hosts on a segment without 
the switch fussing.

Note: this works just fine on wireless networks as well, including 
encrypted ones, provided the "sniffing" workstation authenticates and the 
target is on the same AP.

~Mike.
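
A defender-side illustration of the targeted ARP-Reply case described in the message above, added here and not part of the original post: the switch stays quiet, so the check runs on captured ARP frames and flags any reply that binds the gateway IP to a MAC other than the pinned one, or that answers no request. The addresses, the pinned gateway binding and the names `check_frames`, `parse_arp` and `sample_frame` are assumptions, and the frames are constructed sample input.

```python
import socket
import struct

GW_IP, GW_MAC = "10.0.0.1", "00:00:5e:00:53:01"         # assumed pinned gateway binding
HOST, OTHER = "00:00:5e:00:53:10", "00:00:5e:00:53:66"  # constructed station MACs

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def sample_frame(op, sha, spa, tha, tpa):
    """Constructed test input: Ethernet header plus IPv4-over-Ethernet ARP body."""
    head = mac(tha) + mac(sha) + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return head + mac(sha) + socket.inet_aton(spa) + mac(tha) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    (op,) = struct.unpack("!H", frame[20:22])
    return (op, frame[22:28], socket.inet_ntoa(frame[28:32]),
            frame[32:38], socket.inet_ntoa(frame[38:42]))

def check_frames(frames, gateway_ip, gateway_mac):
    """Flag replies that rebind the gateway IP, and replies nobody asked for."""
    pinned, asked, alerts = mac(gateway_mac), set(), []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sha, spa, tha, tpa = parsed
        if op != 2:                      # not a reply: record "sha asked who has tpa"
            asked.add((sha, tpa))
            continue
        if spa == gateway_ip and sha != pinned:
            alerts.append((n, "gateway-rebind", sha.hex(":")))
        elif (tha, spa) not in asked:
            alerts.append((n, "unsolicited-reply", sha.hex(":")))
        asked.discard((tha, spa))        # one request justifies one reply
    return alerts

SAMPLE = [
    sample_frame(1, HOST, "10.0.0.20", "ff:ff:ff:ff:ff:ff", GW_IP),  # host asks for gateway
    sample_frame(2, GW_MAC, GW_IP, HOST, "10.0.0.20"),               # genuine answer
    sample_frame(2, OTHER, GW_IP, HOST, "10.0.0.20"),                # gateway IP, wrong MAC
    sample_frame(2, GW_MAC, GW_IP, HOST, "10.0.0.20"),               # reply with no request
]
print(check_frames(SAMPLE, GW_IP, GW_MAC))
```

An unsolicited reply carrying the correct gateway MAC can be a legitimate gratuitous ARP, so that alert is a prompt to look, while a gateway rebind is the binding change the message describes.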

