Broadcasting (networks) at Wikipedia
Switches broadcast too, but all other information is managed "intelligently."
Broadcasting (networks) at Wikipedia
Switches broadcast too, but all other information is managed "intelligently."
-
I'm not going to teach how to break a switch, but needless to say they are nothing more than multiport bridges. figure it out from there.
-edit- jebus, does that wiki need editing. Yet another reason to not trust wiki.
I'm not going to teach how to break a switch, but needless to say they are nothing more than multiport bridges. figure it out from there.
-edit- jebus, does that wiki need editing. Yet another reason to not trust wiki.
teach us oh great wise one!
seriosuly though, I had never heard of broadast suppression...sounds cool
Originally posted by: Goosemaster
seriosuly though, I had never heard of broadast suppression...sounds cool
You never read the fargin manual??? RTFM
Originally posted by: spidey07
Originally posted by: Goosemaster
seriosuly though, I had never heard of broadast suppression...sounds cool
You never read the fargin manual??? RTFM
I don't have any good switches
I basically use the switch ports on unused routers for that
KLin
Lifer
- Feb 29, 2000
- 29,543
- 156
- 106
I had to deal with that a few months ago. My network at work was being flooded for some reason, and I traced it to a netgear cheapo switch (daisy chained off of an intel 510t switch) with a patch cable looped into it. Damn cabling limitations forcing me to install these switches
.Originally posted by: KLin
I had to deal with that a few months ago. My network at work was being flooded for some reason, and I traced it to a netgear cheapo switch (daisy chained off of an intel 510t switch) with a patch cable looped into it. Damn cabling limitations forcing me to install these switches
STP and the like didn't let it get bad, no?
I bought a netgear 24port switch from justdeals.com (well their ebay store) and even though it took forever for them to finally ship it and it didn't come with the power cord, it was basically brand new and I only paid $33 shipped for it (retails for $99 on newegg.com)
OK, I don't know much about networking beyond how to share a connection for home use, or setting up some PCs for a LAN party, so bear with me here. Are you saying take a four port switch, and run two wires from 2 of the ports on the switch to 2 ports on another, bigger switch, and that will take down the bigger network? Or do you mean something else entirely?
MichaelD
Lifer
- Jan 16, 2001
- 31,528
- 3
- 76
All this talk about bringing down networks is very educational and all...but getting back on topic.
A hissing electronic device is not good. You probably have a leaking capacitor in there and eventually it will pop. Having the device wrapped in highly flammable bubble wrap isn't the brightest of ideas.
A hissing electronic device is not good. You probably have a leaking capacitor in there and eventually it will pop. Having the device wrapped in highly flammable bubble wrap isn't the brightest of ideas.
MichaelD
Lifer
- Jan 16, 2001
- 31,528
- 3
- 76
Originally posted by: Madwand1
10/100 switches should go straight to landfill. Cut out the middleman
The vast majority of businesses are still on 10/100 switches. Granted, most are aggregated with Gigabit uplinks to the switch farm, but the departmental/wiring closet switches are still 100MB.
- Aug 3, 2005
- 9,916
- 2
- 81
To guard against it your switch should have features to prevent such a thing and shut the ports down if it detects a bridging loop. Cisco calls it loopguard and bpduguard.
bpduguard works very well. if the port receives a spanning-tree bdpu it shuts it down. In the 4 port switch example here's what the "closet switch" would see.
port 1 - send out bpdus
porr 2 - send out bpdus
Neither port should ever receive bdpus and run bpdu guard on them.
user plugs in little 4 port switch to ports 1 and 2, since it doesn't run spanning tree, a bridging loop is created and traffic is forwarded endlessly, broadcasts go through the roof as frames never stop being forwarded everywhere. Very quickly the entire broadcast domain becomes unusable as every port is spitting out 100 to 1000 megabits/sec of broadcasts. layer3 switch/router has to process (in processor) these broadcasts, processor goes to 100%, router/switch has trouble even routing now...more than likely other segments are affected because of this.
but with bpduguard, this scenario of the rogue switch:
port 1 - receives a spanning-tree bpdu from port 2
port 2 - receives a bpdu from port 1
Both ports shut down, loop broken.
LOL... what's with all the hate toward 4-port switches? I have a 4-port SMC switch downstairs from my internet connection in my entertainment center. All it's doing is providing internet connectivity for my XBox and Xbox 360. WTF would I want a 12/24/48/etc... switch there? I wouldn't. The 4-port is small, discrete, and does its job perfectly.
Yes. This would work, but it would only take out a single link in switching tree (i.e. a single switch). Depending on where the switch is located in the network topology, this could cause anything from MASSIVE traffic disruptions to a few clients losing connectivity altogether. Connecting them into multiple switches on the same network does much more damage.
There are several facets to effectively defending against this sort of attack:
First, you should NEVER have accessible network drops connected into your transport core switches.
Second, your switching topology should correspond to your actual geographic topology - switches close to each other in the switching topology should be close to each other physically. This makes it much harder to initiate a loop that spans a large part of the heirarchy, because you have to run cable much further.
Third, you should keep unused ports DEAD as much as possible. MAC filtering will not defend against this.
Fourth, as much of your switching equipment should support 802.1D "Spanning Tree" protocol. If both end-segments of the loop support this protocol, the loop will automatically be deactivated. (Spanning tree is also useful because you can intentionally create loops in your network which will be shut down and used as failovers in the case that a switch goes bad, eliminating single point of failure scenarios)
Fifth, your technical responders should know to check client equipment connected to switches that no longer appear to be switching and do not respond to in-band management (but they DO normally respond to out-of-band management)
Time is also of the essence, and during troubleshooting the directly affected part of heirarchy should be DISCONNECTED from the rest of the network, because if ANY broadcast packets are sent, they will loop as well - very quickly taking down the entire network.
How do you make an unused port dead? Is this something that can only be done on higher-end switches, as opposed to the cheapo Netgears you can pickup at any Best Buy?
Second, if I am understanding that correctly, it sounds like causing one of these feedback loops requires you to physically interfere with the network in some way (i.e. deliberately placing a cable in such a way that will cause a problem). Wouldn't this be much easier to "defend" against than some attack that runs remotely? I mean it sounds like all you have to do is prevent unauthorized personnel from entering your server/network rooms.
Finally, in the more severe attack you were describing, you are saying to take a small switch, run one cable from a port on that switch to a port on a larger switch in the network, and then run another cable from the smaller switch to a different switch on the larger network? Is there any reason to do this other than to cause trouble? Why wouldn't any switch just detect that as an invalid connection? So basically that causes your network to be flooded with BS traffic, preventing anything else from going through?
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 20K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 12K
-
Discussion Speculation: Zen 4 (EPYC 4 "Genoa", Ryzen 7000, etc.)- Started by Vattila
- Replies: 13K
-
Facebook
Twitter