Goosemaster
Originally posted by: EyeMWing
Originally posted by: Raduque
Originally posted by: Special K
Originally posted by: spidey07
Originally posted by: EyeMWing
That sentence hurt to read. Switching gear has NOTHING to do with your "connection". It has EVERYTHING to do with how many and what sort of equipment you use on the premises running what applications.
And yeah, I'll be the first to admit that my home setup is beyond abnormal, and indeed, beyond geeky experimentation. That still doesn't change the fact that there isn't a 4-port switching-only product on the market that I wouldn't laugh at.
Not only that, they don't even run 802.1d.
In other words, they are to be avoided at all costs. Wanna take down a network? Use a four port switch and plug it into two network ports. Fun will ensue.
OK, I don't know much about networking beyond how to share a connection for home use, or setting up some PCs for a LAN party, so bear with me here. Are you saying take a four port switch, and run two wires from 2 of the ports on the switch to 2 ports on another, bigger switch, and that will take down the bigger network? Or do you mean something else entirely?
I'd like to know how this works as well, and how to defend against it.
Yes. This would work, but it would only take out a single link in the switching tree (i.e. a single switch). Depending on where the switch is located in the network topology, this could cause anything from MASSIVE traffic disruptions to a few clients losing connectivity altogether. Connecting them into multiple switches on the same network does much more damage.
There are several facets to effectively defending against this sort of attack:
First, you should NEVER have accessible network drops connected into your transport core switches.
Second, your switching topology should correspond to your actual geographic topology - switches close to each other in the switching topology should be close to each other physically. This makes it much harder to initiate a loop that spans a large part of the hierarchy, because you have to run cable much further.
Third, you should keep unused ports DEAD as much as possible. MAC filtering will not defend against this.
Fourth, as much of your switching equipment as possible should support the 802.1D "Spanning Tree" protocol. If both end-segments of the loop support this protocol, the loop will automatically be deactivated. (Spanning tree is also useful because you can intentionally create loops in your network which will be shut down and used as failovers in the case that a switch goes bad, eliminating single point of failure scenarios.)
Fifth, your technical responders should know to check client equipment connected to switches that no longer appear to be switching and do not respond to in-band management (but they DO normally respond to out-of-band management).
Time is also of the essence, and during troubleshooting the directly affected part of the hierarchy should be DISCONNECTED from the rest of the network, because if ANY broadcast packets are sent, they will loop as well - very quickly taking down the entire network.
i.e. manage your network before it manages to drive you up the wall
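As an added illustration (not written by anyone in this thread), a small Python simulation of the two points made above: a broadcast frame flooded into a switched ring circulates forever, while a simplified 802.1D election blocks the redundant link so the same frame crosses each remaining link exactly once. The four-switch topology, the use of switch names as bridge IDs and the shortest-path election are constructed assumptions; real 802.1D uses BPDUs, path costs and port roles.

```python
from collections import deque

# Constructed topology: four switches wired in a ring. Links A-B, B-C and C-D
# are the intended hierarchy; D-A is the extra path created when a small
# switch is plugged into two drops of the same network, closing a loop.
LINKS = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "A")]

def adjacency(links):
    """Build an undirected neighbor map from a list of (switch, switch) links."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def flood_broadcast(links, origin, max_frames=1000):
    """Flood one broadcast frame: each switch repeats every copy it receives out
    of all active ports except the ingress port. Returns how many copies were
    transmitted; reaching max_frames means the frame never died out (a storm)."""
    adj = adjacency(links)
    pending = deque((nb, origin) for nb in adj[origin])  # (receiver, arrived from)
    sent = len(pending)
    while pending and sent < max_frames:
        switch, came_from = pending.popleft()
        for nb in adj[switch]:
            if nb != came_from:          # repeat out every port but the ingress port
                pending.append((nb, switch))
                sent += 1
    return sent

def spanning_tree(links):
    """Simplified 802.1D election (assumption: bridge ID is the switch name, all
    link costs equal). Lowest ID becomes root, every other switch keeps its
    shortest path to the root, all other links are blocked. Returns (active, blocked)."""
    adj = adjacency(links)
    root = min(adj)
    reached, active = {root}, set()
    pending = deque([root])
    while pending:
        switch = pending.popleft()
        for nb in sorted(adj[switch]):   # deterministic tie-break, like a lower port ID
            if nb not in reached:
                reached.add(nb)
                active.add(frozenset((switch, nb)))
                pending.append(nb)
    active_links = [l for l in links if frozenset(l) in active]
    blocked_links = [l for l in links if frozenset(l) not in active]
    return active_links, blocked_links
```

Running `flood_broadcast(LINKS, "A")` hits the frame cap, while `spanning_tree(LINKS)` blocks C-D and flooding over the remaining three links delivers exactly three copies; on a real switch, the blocked port reported by spanning tree is the operator's first pointer to where the loop was plugged in.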
