lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 30 Mar 2005 00:29:24 +0300
From: "Tarmo Mamers" <tarmo@...ox.com>
To: <bugtraq@...urityfocus.com>
Subject: Re: DoS of LAN via D-Link switches


> > From: Frank Bures [mailto:lisfrank@...m.toronto.edu]
> > Sent: Tuesday, March 29, 2005 4:41 AM

> > When user connects the same patch cable to two ports of the
> > switch, the
> > switch will ultimately bring down hierarchically higher
> > branches of the
> > LAN.

> > Ours is a rather large LAN.  One part of it is served by
> > Extreme Networks
> > switches.  None of the SGI machines behind these switches
> > were affected by
> > the short.  In fact no adverse effects were observed in that
> > part of the
> > LAN.

This is natural behaviour of Ethernet ("natural" being dependent of your
network design, of course :) and has nothing to do with D-Link or any other
manufacturer.

Some switches offer automatic port disabling feature if BPDU is received on
a port defined as access port. All workstation ports should be defined as
access ports for this to work. Workstations are not taking part of any
Spanning Tree and they shouldn't generate any BPDUs and thus BPDUs shouldn't
come into the switch from any access port. When you interconnect two switch
ports defined as access ports, BPDUs generated by the switch reach another
access port and trigger the disabling feature. This works in case or a
single switch as well as between different switches as long as all your
switches are Spanning Tree enabled.

How the "short-circuit" affects specific switches depends how their unknown
frame forwarding is configured and where they stand in a multi-tier switch
topology.

> > In my opinion, a switch should be immune to this admittedly insane
> > manipulation.  Otherwise, one can DoS the entire network just
> > by shorting
> > two RJ-45 network outlets in one's office together.

Switches _are_ immune to insane manipulation if configured correctly.
Excluding plugging out the power cord, unfortunately...


-tarmo-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ