Lots of telnet sessions
Matt Alexander
plug-discuss@lists.plug.phoenix.az.us
Mon, 22 Apr 2002 17:07:43 -0700 (PDT)
On Mon, 22 Apr 2002, George Toft wrote:
> Check out:
> http://rr.sans.org/switchednet/switch_security.php
>
> Contrary to popular belief, it is very possible to sniff the network when
> you're on a
> switch. So even if you change the administrator password(s) and the SNMP
> community
> strings, you may still be vulnerable to switch hijacking. The easiest way to
> sniff a
> switched network is to use a tool called ``dsniff'' which tricks the switch
> into sending
> packets destined to other systems to the sniffer. [4] Dsniff not only captures
> packets
> on switched networks, but also has the functionality to automatically decode
> passwords
> from insecure protocols like telnet, HTTP, and SNMP, which are commonly used
> to manage
> switches.
Good points. Personally, I don't rely on VLANs for security. I prefer to
physically isolate each group. But your point is well taken. Switches
are susceptible to sniffing, but it requires more effort than it would on
a network connected through a hub where you can simply run tcpdump and
watch everything go by. So in that sense, I suppose that switches provide
improved security over hubs.
~M