802.3x blackhat pownage

Little leak from a future prezo for a customer:

802.3x flow control is a quick-and-dirty protocol. If you have physical access to install a hub anywhere on the network, or already have a victim host under control, it can lead to a massive Ethernet denial of service.

If a MITM position is possible and flow control receive is on, it is very easy to kill a network at layer 2 by replaying pause frames with quanta 65535.

Impact:

No new flows can be created.

Existing connections break if the DoS lasts longer than the upper-layer timeouts.

Reply from 10.162.112.45: bytes=32 time<1ms TTL=255

Reply from 10.162.112.45: bytes=32 time<1ms TTL=255

Reply from 10.162.112.45: bytes=32 time<1ms TTL=255

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Reply from 10.162.112.45: bytes=32 time=1729ms TTL=255 <-- Attack stopped

Reply from 10.162.112.45: bytes=32 time<1ms TTL=255

2960_lab_test#sh int flow | inc (Fa0/48|Port)

Port       Send FlowControl  Receive FlowControl  RxPause TxPause

Fa0/48     Unsupp.  Unsupp.  on       on          385552  0
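
The RxPause counter above is the signal a defender can monitor. The following Python script is an added example, not part of the original post: it compares two snapshots of the `show interfaces flowcontrol` output and flags ports that honour PAUSE and received enough frames to have been silenced for most of the interval. The snapshots are constructed (only the final Fa0/48 value comes from the output above), and the speed-by-port-name mapping and the 0.5 threshold are assumptions.

```python
import re

# Data row of `show interfaces flowcontrol`, in the layout shown on this page:
# port, send admin/oper, receive admin/oper, RxPause, TxPause
ROW = re.compile(r"^(\S+)\s+\S+\s+\S+\s+\S+\s+(\S+)\s+(\d+)\s+\d+$")
MAX_PAUSE_BITS = 65535 * 512             # one quantum = 512 bit times (IEEE 802.3x)
SPEED_BPS = {"Fa": 100e6, "Gi": 1e9}     # assumption: speed inferred from port name

def parse_flowcontrol(text):
    """Return {port: (receive_oper, rx_pause_count)} from CLI output."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ports[m.group(1)] = (m.group(2).lower(), int(m.group(3)))
    return ports

def pause_alerts(before, after, interval_s, threshold=0.5):
    """Flag ports that honour PAUSE and could have been silenced for more than
    `threshold` of the interval if every received frame carried quanta 65535."""
    old, new = parse_flowcontrol(before), parse_flowcontrol(after)
    alerts = []
    for port, (rx_oper, count) in sorted(new.items()):
        speed = SPEED_BPS.get(port[:2])
        if rx_oper != "on" or port not in old or speed is None:
            continue                      # PAUSE ignored, no baseline, or unknown speed
        delta = count - old[port][1]
        if delta <= 0:                    # idle, or counters cleared between samples
            continue
        worst = min(1.0, delta * MAX_PAUSE_BITS / speed / interval_s)
        if worst > threshold:
            alerts.append((port, delta, round(worst, 2)))
    return alerts

HEADER = "Port       Send FlowControl  Receive FlowControl  RxPause TxPause\n"
# Constructed snapshots taken 60 s apart; the Fa0/48 end value is the one on this page.
BEFORE = HEADER + ("Fa0/1      Unsupp.  Unsupp.  on       on          12      0\n"
                   "Fa0/47     Unsupp.  Unsupp.  off      off         0       0\n"
                   "Fa0/48     Unsupp.  Unsupp.  on       on          384352  0\n")
AFTER = HEADER + ("Fa0/1      Unsupp.  Unsupp.  on       on          15      0\n"
                  "Fa0/47     Unsupp.  Unsupp.  off      off         0       0\n"
                  "Fa0/48     Unsupp.  Unsupp.  on       on          385552  0\n")

if __name__ == "__main__":
    for port, delta, worst in pause_alerts(BEFORE, AFTER, 60):
        print(f"{port}: +{delta} RxPause, worst-case paused fraction {worst}")
```

At 100 Mb/s one pause frame with quanta 65535 can hold the port for about 0.34 s, so even a few frames per second on a port with receive flow control on are worth an alert.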
