Date: Thu, 8 Dec 2011 14:04:12 -0800
From: Bob Dobbs <bobd10937@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: VLAN Hacking Tutorial at InfoSec Institute

This tutorial just rehashes ancient techniques in a general way in spotty
English. The insecurity of ARP among other issues listed are problems on any
layer 2 network and have little to do with VLAN. ARP flooding to make a
switch go into hub mode hasn't been an issue in decent switches for quite a
few years now.

The Cisco whitepaper referenced at the bottom is worth a read though
because proper configuration is indeed important:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml

The @Stake VLAN security whitepaper is a good read also:

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/stake_wp.pdf

Most importantly, it says:

"The results of @stake’s test sequences clearly demonstrate that edge
technologies, including tools such as VLANs on Cisco Catalyst switches, when
configured according to best-practice guidelines, can be effectively deployed
as security mechanisms."

On Thu, Dec 8, 2011 at 7:19 AM, Adam Behnke <adam@...osecinstitute.com> wrote:

> Ever wanted to learn how to hack a VLAN? Here is a tutorial for all of you:
>
> http://resources.infosecinstitute.com/vlan-hacking/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
