1592 Views, 15 Helpful, 4 Replies

LAN switching - Prevent Sniffing

tnguyen (Level 1)

Is "no SPAN port configured" sufficient to prevent someone from capturing traffic intended for another device, especially someone's password, using sniffer software (e.g. Ethereal) running on a PC connected to the same LAN?

4 Replies

Hi,

If you have a fully switched network, i.e. no hubs are used, if the SPAN feature is completely disabled in those switches, and if the logins to the switches are secure, then I would say you are probably safe from sniffer attacks. But to completely mitigate against sniffer attacks, the Cisco SAFE blueprint recommends cryptography (encryption), which would make any data irrelevant even if someone captures it.

Hope that helps!

Regards,

Sundar

Hi,

I also would consider implementing ARP inspection. There are tools on the internet designed to allow for "man in the middle" attacks. The idea is to answer ARPs for the default gateway with your own MAC. Then all traffic from the respective host is sent to the attacker's host. The applications allow sniffing of all packets, especially because the application inserts the real default gateway MAC and forwards it. So the user might "just" experience performance problems (as all traffic is directed through the attacker's LAN port).

ARP inspection allows a switch to detect such behaviour and error-disable the attacker's port.

Hope this helps! Please rate all posts.

Regards, Martin

I absolutely agree. One thing I would add is to use full port security with the disable option (as opposed to alert). If anyone attempts to become the gateway's MAC, kill their switch port fast! Of course, this would probably prevent you from doing sticky learning, as the attacker could just become a "secure MAC" while stealing traffic by answering the default gateway's ARP.
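The two replies above describe two different controls against the same trick, and they catch different things. The following Python model is an added example, not code from this thread or from Cisco: it replays the gateway-impersonation ARP reply against a simulated access switch with Dynamic ARP Inspection (DAI) and port security switched on or off. The addresses, port names and the binding table (which a real switch would build from DHCP snooping) are all constructed for the example, and the model deliberately omits DAI rate limiting, ARP ACLs for statically addressed hosts and errdisable recovery.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ArpFrame:
    """One ARP packet as the switch sees it (all values constructed)."""
    port: str         # ingress switch port
    src_mac: str      # Ethernet source address of the frame
    sender_ip: str    # ARP sender protocol address (the IP being claimed)
    sender_mac: str   # ARP sender hardware address (the MAC claiming it)


@dataclass
class Switch:
    # (ip, mac) -> port, as a DHCP-snooping binding table would hold it.
    bindings: dict
    trusted_ports: set          # uplinks on which DAI is not applied
    arp_inspection: bool = True
    port_security: bool = True
    max_macs: int = 1           # port-security maximum per port
    secure_macs: dict = field(default_factory=dict)  # port -> {mac, ...}
    err_disabled: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _shut(self, port, reason):
        """Violation mode 'shutdown': the port goes err-disabled."""
        self.err_disabled.add(port)
        self.log.append(f"{port} err-disabled: {reason}")

    def _port_security_ok(self, port, src_mac):
        macs = self.secure_macs.setdefault(port, set())
        if src_mac in macs:
            return True
        if len(macs) >= self.max_macs:
            self._shut(port, f"port-security violation by {src_mac}")
            return False
        macs.add(src_mac)       # sticky-learn the first MAC seen on the port
        return True

    def _arp_inspection_ok(self, f):
        # On an untrusted port the (sender IP, sender MAC) pair must match a
        # binding learned on that same port; anything else is treated as a spoof.
        if self.bindings.get((f.sender_ip, f.sender_mac)) == f.port:
            return True
        self._shut(f.port, f"DAI: invalid ARP {f.sender_ip} is-at {f.sender_mac}")
        return False

    def receive(self, f):
        """Return True if the frame is forwarded, False if it is dropped."""
        if f.port in self.err_disabled:
            return False
        if f.port in self.trusted_ports:
            return True
        if self.port_security and not self._port_security_ok(f.port, f.src_mac):
            return False
        if self.arp_inspection and not self._arp_inspection_ok(f):
            return False
        return True


# Constructed sample LAN: gateway on the trusted uplink, victim and attacker on
# access ports. Addresses and port names are assumptions for the example.
GW_IP, GW_MAC, UPLINK = "10.0.0.1", "00:00:5e:00:01:01", "Gi1/0/24"
VICTIM = ("10.0.0.20", "00:11:22:33:44:20", "Gi1/0/2")
ATTACKER = ("10.0.0.30", "00:11:22:33:44:30", "Gi1/0/3")


def build_switch(arp_inspection, port_security):
    return Switch(
        bindings={(VICTIM[0], VICTIM[1]): VICTIM[2],
                  (ATTACKER[0], ATTACKER[1]): ATTACKER[2]},
        trusted_ports={UPLINK},
        arp_inspection=arp_inspection,
        port_security=port_security,
    )


def run_attack(arp_inspection, port_security):
    """Replay the gateway-impersonation trick from the thread with the given
    controls enabled; return which spoofed ARP reply got through."""
    ip, mac, port = ATTACKER
    probes = {
        # What the usual MITM tools do: claim the gateway's IP with the
        # attacker's own MAC, so the frame's source MAC is the attacker's.
        "spoof_own_mac": ArpFrame(port, mac, GW_IP, mac),
        # Cruder variant: source the frame from the gateway's MAC as well.
        "spoof_gw_mac": ArpFrame(port, GW_MAC, GW_IP, GW_MAC),
    }
    results = {}
    for name, probe in probes.items():
        sw = build_switch(arp_inspection, port_security)
        # The attacker first sends a valid ARP of its own, so port security
        # has already sticky-learned its MAC before the spoof arrives.
        assert sw.receive(ArpFrame(port, mac, ip, mac))
        results[name] = sw.receive(probe)
    return results


if __name__ == "__main__":
    for dai in (False, True):
        for psec in (False, True):
            print(f"DAI={dai!s:5} port-security={psec!s:5} ->",
                  run_attack(dai, psec))
```

Running it shows the point made in the last reply: with port security alone, the spoof that keeps the attacker's own source MAC is forwarded, because that MAC is the port's legitimately learned secure address; only the crude variant that sources frames from the gateway's MAC trips the violation. DAI drops both, because it checks the claim inside the ARP payload against the binding table rather than the Ethernet header. On IOS the corresponding features are DHCP snooping plus `ip arp inspection vlan <n>` with `ip arp inspection trust` on the uplink, and `switchport port-security violation shutdown` on access ports; check the platform's configuration guide for the exact syntax and for errdisable recovery.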

I agree here. One of the things to look out for is if there is any asymmetrical routing taking place (and your timers are not set up correctly): you can get into a situation where all traffic is flooded out all ports in the VLAN, thus anyone attached to any port, SPAN or not, would get all the data to a specific device.
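The flooding case in the last reply is easy to miss in a design review, so here is an added example (not from the thread) that reproduces it with a toy learning switch. The topology is assumed: router R1 on port "r1", host B reachable over a trunk to a second switch, a workstation running a sniffer on port "sniffer", and B's default gateway R2 on the other switch, so B's replies never cross this switch. Addresses and timers are constructed; 300 s is the usual default MAC-address aging time on Cisco switches and 14400 s (4 hours) the usual default ARP timeout on IOS routers.

```python
from dataclasses import dataclass, field


@dataclass
class LearningSwitch:
    """Transparent-bridge forwarding with MAC-address aging (constructed model)."""
    ports: list
    aging_secs: int = 300    # default MAC aging time
    table: dict = field(default_factory=dict)   # mac -> (port, last_seen)

    def forward(self, now, in_port, src_mac, dst_mac):
        """Learn src_mac on in_port, expire stale entries, return egress ports."""
        self.table[src_mac] = (in_port, now)
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > self.aging_secs:
                del self.table[mac]
        entry = self.table.get(dst_mac)
        if entry is None:
            # Unknown unicast: flood to every other port in the VLAN,
            # the sniffer's port included.
            return {p for p in self.ports if p != in_port}
        return {entry[0]}


# Assumed MAC addresses for router R1 and host B.
R1_MAC, B_MAC = "00:00:0c:00:00:01", "00:11:22:33:44:bb"


def flooding_scenario(aging_secs):
    """Return the egress ports for each of R1's frames to B when B's own
    traffic leaves via the other switch and never refreshes this one."""
    sw = LearningSwitch(ports=["r1", "trunk", "sniffer"], aging_secs=aging_secs)
    # t=0: B's ARP request for its gateway is a broadcast; it crosses the
    # trunk and this switch learns B's MAC on the trunk port.
    sw.forward(0, "trunk", B_MAC, "ff:ff:ff:ff:ff:ff")
    # R1 resolved B once and, with a 4-hour ARP cache, keeps sending unicast
    # frames to B's MAC without B ever transmitting through this switch again.
    return [tuple(sorted(sw.forward(t, "r1", R1_MAC, B_MAC)))
            for t in (60, 600, 3600)]


if __name__ == "__main__":
    print("aging 300 s  :", flooding_scenario(300))
    print("aging 14400 s:", flooding_scenario(14400))
```

With the default 300 s aging, the first frame at t=60 is switched only to the trunk, but from t=600 onward B's entry has aged out while R1 still has B in its ARP cache, so every frame for B is flooded to the sniffer as well; no SPAN session is needed. With the aging time raised to match the 4-hour ARP timeout, the entry never expires between R1's frames and the traffic stays unicast. The usual remedy is exactly that timer alignment (raise the switch's MAC aging time with `mac address-table aging-time`, or lower the routers' `arp timeout`), or removing the asymmetry so that B's return traffic refreshes the table on the same switch.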