RE: DH-CHAP
Excerpt of message (sent 15 April 2002) by Yongge Wang:
>
> >> For most Switched environment, this attack is possible though for
> >> some switched network (with some special intelligent configurations,
> >> e.g., if the switch will not broadcast the traffic of initiator to the
> >> attacker's side... however, this configuration is seldom used...
> >> switch is not supposed to be as smart as a router in Internet),
> >> this attack will not work.
> >
> >??? That's exactly what a switch does. If the ethernet packet is not an
> >ethernet broadcast packet, and the switch knows which port the MAC is on
> >(i.e. the MAC of the router), the packet will go out only the port for the
> >MAC.
>
> But the switch has to broadcast again on the outgoing port, right?
> That port is not solely reserved for the target device. What I want
> to clarify here is that: The target device is not generally the only device
> on that Ethernet connected to the outgoing port of the switch.
> All devices on that Ethernet could hear and play the attack.
Gigabit Ethernet (and beyond) is full duplex. Well, in theory there's
half duplex GE; in practice that does not exist.
So on every switch port there is by definition exactly ONE device.
The case you're thinking about is meaningful for 10 Mb/s and 100 Mb/s
Ethernet, at least for those cases where people mix hubs and
switches. Given the cost of switch ports, that's becoming less and
less common even there.
paul
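The two positions above (a learning switch only forwards a known unicast frame out the port where that MAC was learned, versus a hub or shared segment behind a port where every station hears what the port emits) can be checked with a small forwarding model. The following is an added example, not code from the thread or from any DH-CHAP implementation: it models a transparent learning bridge, constructs three stations with made-up MAC addresses (initiator, target, attacker), replays an ARP exchange followed by a login exchange, and reports which frames the attacker's station hears under each topology. The MAC values, the port layouts and the `LearningSwitch` model are assumptions for illustration.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed MAC addresses for the three parties discussed in the thread.
INITIATOR = "02:00:00:00:00:01"
TARGET = "02:00:00:00:00:02"
ATTACKER = "02:00:00:00:00:03"


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str


class LearningSwitch:
    """Minimal model of a learning (transparent) bridge.

    `ports` maps a port number to the MAC addresses of the stations reachable
    through that port.  A full-duplex point-to-point link carries exactly one
    station; a port with a hub or half-duplex segment behind it carries
    several, and every station on that segment hears whatever the port emits.
    """

    def __init__(self, ports):
        self.ports = {port: set(macs) for port, macs in ports.items()}
        self.cam = {}  # forwarding table: MAC -> port, learned from source addresses

    def ingress_port(self, mac):
        for port, macs in self.ports.items():
            if mac in macs:
                return port
        raise ValueError(f"unknown station {mac}")

    def forward(self, frame):
        """Return the set of stations (other than the sender) that hear `frame`."""
        in_port = self.ingress_port(frame.src)
        self.cam[frame.src] = in_port  # learn where the source lives

        if frame.dst == BROADCAST or frame.dst not in self.cam:
            # Broadcast, or unicast to a not-yet-learned MAC: flood every other port.
            out_ports = set(self.ports) - {in_port}
        elif self.cam[frame.dst] == in_port:
            # Destination sits on the sender's own segment: the switch filters it.
            out_ports = set()
        else:
            out_ports = {self.cam[frame.dst]}

        hearers = set()
        for port in out_ports:
            hearers |= self.ports[port]
        # Stations sharing the sender's segment hear the frame regardless of the switch.
        hearers |= self.ports[in_port] - {frame.src}
        return hearers


def attacker_sees(ports, exchange):
    """Replay `exchange` (a list of (src, dst) MAC pairs) through a fresh switch
    and report, per frame, whether ATTACKER heard it."""
    switch = LearningSwitch(ports)
    return [ATTACKER in switch.forward(Frame(src, dst)) for src, dst in exchange]


# Constructed traffic: ARP request (broadcast), ARP reply, then a login exchange.
EXCHANGE = [
    (INITIATOR, BROADCAST),
    (TARGET, INITIATOR),
    (INITIATOR, TARGET),
    (TARGET, INITIATOR),
]

# Topology 1: full-duplex switched ports, one station per port (Paul's case).
SWITCHED = {1: [INITIATOR], 2: [TARGET], 3: [ATTACKER]}

# Topology 2: a hub behind port 2, so the attacker shares the target's segment (Yongge's case).
HUB_ON_TARGET_PORT = {1: [INITIATOR], 2: [TARGET, ATTACKER]}


if __name__ == "__main__":
    print("switched, one station per port:", attacker_sees(SWITCHED, EXCHANGE))
    print("hub on target port:", attacker_sees(HUB_ON_TARGET_PORT, EXCHANGE))
```

In the switched topology the attacker only hears the broadcast ARP request; once the switch has learned the target's port from the ARP reply, every unicast login frame goes out a single port. In the hub topology the attacker hears all four frames. The model also shows the caveat a practitioner would check: a unicast frame to a MAC the switch has not yet learned is flooded to all ports, so an attacker on any port sees unknown-unicast traffic until the table is populated (the ARP reply here is what populates it).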
Last updated: Tue Apr 16 14:18:25 2002