At 08.15 31-01-2002, you wrote:

>The Cisco switches at least can be secured against this, if you can
>live with the inconvenience. If you have one machine per port, you
>can configure the switch to learn the first MAC address it sees,
>and then not accept frames from any other address. This means
>that you can't move machines around or changes NICs without the
>switch admin resetting the MAC address for the affected ports. It also
>means that you can't chain multiple machines off of any ports
>configured that way, say via a hub.

this protection is useless if you use Arp poisoning without spoofing your
mac address.
since the targets are the arp cache of the victims and not the switch
itself, the port security feature can't block "fake arp replies" with
"legal" mac address.
then, when the cache are poisoned, all the packets have the right source
mac address and the switch is happy about it ;)

bye bye

    --==> ALoR <==---------------------- - - -

  ettercap project : http://ettercap.sourceforge.net
  e-mail: alor (at) users (dot) sourceforge (dot) net

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]