cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
362
Views
10
Helpful
6
Replies
Highlighted
Participant

Telnet Security

If someone has Wireshark installed on a PC and that PC is on the same VLAN as the Management VLAN can the "listener" see the management passwords even if they are going to a different address(the network gear) than the PC? 

Thanks, Pat.

6 REPLIES 6
Highlighted
Contributor

hi Patrick,

it definitely can. Once you find the address the sender needs to telnet you can set a Man In The Middle Attack (even difficult to identify) and sniffing all the passwords you want. This , assuming we are talking about a wired network. Witha wireless network it is much easier. however, post this question in the security section and you will get very nice advices from the sec engineers

hope this helps

Alessio

PS: a Man in the Middle attck is NOT the only way to get clear (Telnet is not encrypted) text passwords. SSHv2 is a duty nowaday

      

PS1: a note to Jon post is that they exist many software that are able to emulate a different mac-address from the real one. From here another way to capture reserved communication

      

Please, mark as answered this thread!

Highlighted
Hall of Fame Guru

Pat

No, they shouldn't be able to on a switch vlan because the switch will only forward the packet to the specific mac-address of the network gear.

If the LAN were a WLAN (wireless) or there was a hub involved then the results may be different eg. if PCA was allowed to connect to the network gear, PCB was not but both PCs were connected to the same hub then yes PCB running in promiscous mode would indeed be able to see the passwords.

But there are other concerns with using telnet ie. (assuming PCB is the attacker PC again) -

1) arp poisoning - where you can fool the switch into entering your mac-address with the network gear's IP address so packets are sent to you. Run a telnet server on PCB and you now have the login credentials. If the credentials are the same for all network equipment ...

2) flooding the switch with mac-address entries. If a switch has more mac-addresses than it can store then it simply treats all other packets ie. packets it hasn't been able to store a mac to port mapping for, as broadcasts and in effect becomes a hub. PCB running in promiscuos mode would then be able to see the packets.

Jon

Highlighted

Jon! It's great to see you back on here!

HTH, John *** Please rate all useful posts ***
Highlighted

Thanks John. I've been out of networking for a while so not sure how much i'll be answering but just thought i'd check in to the forums

Highlighted
Hall of Fame Cisco Employee

Jon,

I am so glad to see you online!!! How are you? Will you be able to be around more often? Oh, probably not suited for a public debate but I can't help but ask you right away

Please let me know - or better yet, check your e-mail

Best regards,

Peter

Highlighted

Thnaks for the explaination.

Content for Community-Ad