Specific vulnerabilities: Cisco and Ascend write MIB. Cisco weak password encryption. TFTP (most routers). Bay config file is clear text.
Shared vs Switched: shared media broadcasts to all nodes. Switched media builds a table of MAC addresses and send the messages to a specific MAC.
- Use Snmpsniff in Linux to sniff in shared media networks.
- Packet sniffing was developed for the shared media environment, but
- There are now packet-sniffing tools for switches. Dsniff is easily installed in Ubuntu: use sudo apt-get install dsniff. Use sudo to run it. There is a FAQ to help you with its use. See example.
- Basic countermeasure: use encryption in all your traffic, such as PKI (1,2). You can also use VPN to create more secure connections.
- Arp redirect: arp redirect is part of the dsniff package (traffic goes through an attacker machine).
- RIP spoofing: Again use WUPS or NMAP to scan port 520 (RIP). A C program rprobe was written to demonstrate how to spoof/redirect.