[unisog] Network security police no hubs/switches/routers?
michael.holstein at csuohio.edu
Tue May 24 16:54:14 GMT 2005
> Well yeah, but flooding out the CAM table on a managed switch usually
> triggers some sort of alarm or log message. Which is why I used the words
> that I did.
That's the noisy and "shotgun" approach. I'm talking about spoofing a
ARP-Reply to a specific host with the IP of the gateway and your MAC [a
la 'dsniff']. This, in conjunction with a user-space router application,
can sniff all the traffic from one (or more) hosts on a segment without
the switch fussing.
Note: this works just fine on wireless networks as well, including
encrypted ones, provided the "sniffing" wokstation authenticates and the
target is on the same AP.
More information about the unisog