Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
10
Helpful
6
Replies

Telnet Security

Patrick McHenry
Level 4
Level 4

‎09-05-2012 05:56 AM - edited ‎03-07-2019 08:42 AM

If someone has Wireshark installed on a PC and that PC is on the same VLAN as the Management VLAN can the "listener" see the management passwords even if they are going to a different address(the network gear) than the PC? 

Thanks, Pat.

Labels:
0 Helpful
6 Replies 6

Alessio Andreoli
Level 5
Level 5

‎09-05-2012 06:30 AM

hi Patrick,

it definitely can. Once you find the address the sender needs to telnet you can set a Man In The Middle Attack (even difficult to identify) and sniffing all the passwords you want. This , assuming we are talking about a wired network. Witha wireless network it is much easier. however, post this question in the security section and you will get very nice advices from the sec engineers

hope this helps

Alessio

PS: a Man in the Middle attck is NOT the only way to get clear (Telnet is not encrypted) text passwords. SSHv2 is a duty nowaday

      

PS1: a note to Jon post is that they exist many software that are able to emulate a different mac-address from the real one. From here another way to capture reserved communication

      

Please, mark as answered this thread!

Jon Marshall
Hall of Fame
Hall of Fame

‎09-05-2012 06:31 AM

Pat

No, they shouldn't be able to on a switch vlan because the switch will only forward the packet to the specific mac-address of the network gear.

If the LAN were a WLAN (wireless) or there was a hub involved then the results may be different eg. if PCA was allowed to connect to the network gear, PCB was not but both PCs were connected to the same hub then yes PCB running in promiscous mode would indeed be able to see the passwords.

But there are other concerns with using telnet ie. (assuming PCB is the attacker PC again) -

1) arp poisoning - where you can fool the switch into entering your mac-address with the network gear's IP address so packets are sent to you. Run a telnet server on PCB and you now have the login credentials. If the credentials are the same for all network equipment ...

2) flooding the switch with mac-address entries. If a switch has more mac-addresses than it can store then it simply treats all other packets ie. packets it hasn't been able to store a mac to port mapping for, as broadcasts and in effect becomes a hub. PCB running in promiscuos mode would then be able to see the packets.

Jon

John Blakley
VIP Alumni
VIP Alumni
In response to Jon Marshall

‎09-05-2012 06:44 AM

Jon! It's great to see you back on here!

HTH, John *** Please rate all useful posts ***
0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to John Blakley

‎09-05-2012 06:50 AM

Thanks John. I've been out of networking for a while so not sure how much i'll be answering but just thought i'd check in to the forums

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Jon Marshall

‎09-05-2012 07:13 AM

Jon,

I am so glad to see you online!!! How are you? Will you be able to be around more often? Oh, probably not suited for a public debate but I can't help but ask you right away

Please let me know - or better yet, check your e-mail

Best regards,

Peter

0 Helpful

Patrick McHenry
Level 4
Level 4
In response to Jon Marshall

‎09-05-2012 08:49 AM

Thnaks for the explaination.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card