Jump to content



Photo

Elementary security question


  • Please log in to reply
3 replies to this topic

#1 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 24 October 2011 - 05:01

So much of the network sniffing talk is about wireless, where all the bits are flying everywhere in the air. I'm wondering about something different though...

Say that there are several computers connected by wire to a soho router (in parallel, not serial, of course). One of them is not trusted and owned by an attacker. Ok, also assume that they can't break the router's admin password.

Would the bad guy be able to sniff or do bad things to traffic that goes between the other physically connected computers and the router?


#2 Ridlas

Ridlas

    Just smoking my pipe

  • Joined: 25-June 09
  • Location: Curaçao
  • OS: Windows 8

Posted 24 October 2011 - 05:09

I don't think so because a router/switch only sends packets to the corresponding computer it's assigned to. Hubs used to just send the packets to everyone which also cluttered the network, so I'm guessing if they were on a hub, he could.

I probably am wrong about this. It's what my very limited knowledge knows.

#3 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 106
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 24 October 2011 - 11:48

he could always send traffic to other computers, but as to sniffing -- without flooding the switch to have it fail open and send all packets to a every port the only traffic he would see while sniffing is broadcast traffic, arps, multicast traffic. He would not for example see your traffic between your machine and neowin.net

But sure he could for example do a arp spoof of the routers mac and have your machine think his machine is the gateway and send all traffic to his machine.

A switch normally keeps someone from sniffing all the traffic, but an "attacker" can do things to change this yes - its not 100% protection against sniffing.

And you will see all the broadcast traffic, which can be very useful info -- I really suggest you grab wireshark, and do a bit of sniffing to see what kind of traffic you see, etc.

#4 OP primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 25 October 2011 - 00:12

thanks budman, that was very informative =D