jusupov.com

At the Network layer, hosts are identified by IP addresses. At the Data Link layer, however, hosts are identified by MAC addresses. All packets (in ethernet) are delivered by MAC address (ARP and RARP convert between IP and MAC addresses).

To conserve bandwidth, switches direct traffic to a specific port based on the target MAC address (as opposed to hubs which simply broadcast all packets to all ports). This allows multiple peer-to-peer conversations to occur at the same time as each conversation only requires two ports (whereas in a hub each conversation occupies all ports!) Hence, bandwidth management; not security .

For a switch to know which port connects to which MAC addresses, the switch creates and manages a CAM table (a simple mapping between port and MAC address(es)). If no Port Security, this table is dynamic and changes over time (to allow for hosts to appear, disappear and move between ports). The switch learns the CAM table mappings by monitoring the source and destination MAC addresses in packets that it directs.

Now look at the Port Stealing slide. Send layer 2 packets with “source address equal to victim host address” and “destination address equal to its own mac address”. Taking these in reverse order, the switch will direct the packet to the port mapped to the destination address, the attackers “own mac address”; i.e. the packet will return to the attackers host (so no other hosts will notice the packet). At the same time, the switch will record the source address of the packet against the port it came from in the CAM table; i.e. the victim host (MAC) address against the attacker’s port. If you looked in the CAM table, you’d now find the attackers port mapped to both the attackers MAC address and also the victim’s MAC address.

The switch will now direct the next packet targeted at the victim’s MAC address to the attackers port (based on the CAM table entry) – the port is ’stolen’.

To relay the packet to the correct port (so that the conversations can continue uniterrupted), the attacker needs to get the CAM table back to the original state, i.e. with the victim’s port mapped to the victim’s MAC address. This is achieved by issuing a broadcast ARP request for the victim’s IP address. Broadcast means the request will go to all ports (including the victim). When the victim responds, the switch will record the new CAM table mapping (back to where it was originally). The captured packet can now be resent by the attacker and correctly directed by the switch to the victim’s port.

Now (and this is the scary bit) to get and relay the _next_ packet, the attacker needs to repeat the entire process. It looks like a lot of work and is why I raised queries about whether or not packets would be dropped. NaGA says ‘not necessarily’ which is fair enough.

URL: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2329 

After almost 2 months of time, thanks Streamyx!, my internet line is up. No wonder they call it screamyx. You really wanna scream when using it, getting their lousy support and the best part in installation.

However, there’s not much choice in regards to broadband internet connection over here. Yes, I know about Celcom’s 3G, Maxis broadband and Jaring as well, but I think they aren’t yet ready to compete with Streamyx. It’s kinda monopoly.

On the positive note, the WiMAX is coming to Malaysia soon. So I hope it will make things get better at Telekom Malaysia, if it happens.

Streamyx = Screamyx!

Do you use Mozilla Firefox? Or its variants?

Here’s my firefox plugins, they help me a lot and save lots of time. What are your plugins? Please leave in the comments.

The new version of Ubuntu was released recently, code named Gutsy Gibbon. I haven’t downloaded the ISO image but have upgraded the previous Ubuntu version. It’s all good. Especially I liked the ability to install LAMP, Mail, DNS servers as a stack. I hope it will make Ubuntu easier to install and easier to get adopted.

|

Anyways, I have requested some 7.10 i386 and 7.10 64bit versions from the Shipit, and now I have them in my hands! For which I thank Canonical and the Ubuntu team!

Great job folks!

P.S.

For those who are interested you can download Ubuntu here and you can request free CDs here.