STP mitm attack idea
Source: Internet  Published by: 菜鸟网络几个大仓库  Editor: 程序博客网  Time: 2024/06/11 08:49
While reading many white papers about attacks on the Spanning Tree Protocol, I found a MITM attack that uses two STP switches, one station and two Ethernet NICs.
That attack is in most cases useless because it needs:
- physical access to two switches (not one)
- two cards in the station
Two cards are possible, but access to two switches in one place, e.g. an office, is almost impossible.
My idea for a modification of this attack needs:
- two stations to attack by MITM (A and B)
- two or more switches running STP
- two attacking stations (C and D) connected to two different switches on the path between the attacked stations
A ---- switch 1 ----- switch 2 ----- B
          |              |
          |              |
          C              D
Take the first scenario:
1. A sends a frame to B
2. Switch 1 accepts the frame and forwards it to switch 2
3. Switch 2 accepts the frame via the link from switch 1 and forwards it to B
Second scenario:
1. Station C and station D start sending frames to break the link between switch 1 and switch 2, and announce a non-existent connection and switch from the C port on switch 1 to the D port on switch 2
A ---- switch 1 --X-- switch 2 ----- B
          |              |
          |              |
          C --no conn--  D
2. Station A sends a frame to B
3. The frame is forwarded to station C
4. Station C stores the frame in memory
5. After equal timing, station C and station D repair the link between switches 1 and 2
6. Station C resends the stored packet to station D (e.g. in a tunnel or encapsulated in an IP packet)
7. Stations C and D break the link between switches 1 and 2
8. Station D sends the transmitted packet to station B
Advantages
- no need for one station with two links to two switches
- needs two stations, either compromised or not (in a large multi-switch environment with many stations we can sometimes find, for example, two compromised Windows or Linux hosts)
- with good timing and a packet detection method, we can separate one protocol connection from the whole traffic
Disadvantages of the method
- stops all traffic between the switches, and needs delicate timing
- while the link between switches 1 and 2 is working we can't see the frames flying across the wire
Additional information
- timing question, i.e. the retransmission time between TCP frames versus the time to break and repair the link: is it possible to do it before the frame is retransmitted?
Uh, that's all. Please think about whether it is possible, because my programming skills are too low to make it work.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/Baseline_Security/sec_chap7.html#wp1058965
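Seen from the switch side, step 1 of the second scenario means BPDUs arriving on the host-facing ports where C and D are plugged in. The following is an added detection example, not part of the original post: it parses the BPDU body and flags BPDUs on edge ports and superior root claims. The port names, bridge IDs and sample frames are constructed assumptions.

```python
import struct

# 802.1D BPDU body as it follows the LLC header 42 42 03 (35 bytes):
# proto(2) version(1) type(1) flags(1) root_id(8) root_cost(4) bridge_id(8)
# port_id(2) message_age(2) max_age(2) hello_time(2) forward_delay(2)
BPDU_FMT = ">HBBB8sI8sHHHHH"
BPDU_LEN = struct.calcsize(BPDU_FMT)
TYPE_CONFIG, TYPE_RST, TYPE_TCN = 0x00, 0x02, 0x80

def parse_bpdu(payload):
    """Return a dict describing the BPDU, or None if it is not STP."""
    if len(payload) < 4 or payload[:2] != b"\x00\x00":
        return None
    btype = payload[3]
    if btype == TYPE_TCN:
        return {"type": btype}  # TCN BPDUs carry no root or bridge fields
    if btype not in (TYPE_CONFIG, TYPE_RST) or len(payload) < BPDU_LEN:
        return None
    f = struct.unpack(BPDU_FMT, payload[:BPDU_LEN])
    return {"type": btype, "root_id": f[4], "root_cost": f[5], "bridge_id": f[6]}

def check_bpdu(port, payload, edge_ports, expected_root):
    """Return alert strings for one BPDU received on one switch port."""
    bpdu = parse_bpdu(payload)
    if bpdu is None:
        return []
    alerts = []
    if port in edge_ports:  # hosts such as C and D should never send BPDUs
        alerts.append("BPDU type 0x%02x on host-facing port %s" % (bpdu["type"], port))
    # Bridge IDs are compared as 8-byte big-endian values; the lowest wins.
    if "root_id" in bpdu and bpdu["root_id"] < expected_root:
        alerts.append("superior root %s claimed on %s" % (bpdu["root_id"].hex(), port))
    return alerts

# Constructed sample data: bridge IDs, port names and BPDUs are made up.
EXPECTED_ROOT = bytes.fromhex("1000001122334455")
ROGUE_ID = bytes.fromhex("000002000000000c")
EDGE_PORTS = {"Gi0/5", "Gi0/6"}

def sample(root, bridge, cost):
    # Timers are in units of 1/256 s: max age 20 s, hello 2 s, forward delay 15 s.
    return struct.pack(BPDU_FMT, 0, 0, TYPE_CONFIG, 0, root, cost, bridge,
                       0x8001, 0, 20 * 256, 2 * 256, 15 * 256)

if __name__ == "__main__":
    for port, frame in [("Gi0/1", sample(EXPECTED_ROOT, EXPECTED_ROOT, 0)),
                        ("Gi0/5", sample(ROGUE_ID, ROGUE_ID, 0))]:
        print(port, check_bpdu(port, frame, EDGE_PORTS, EXPECTED_ROOT))
```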