
Hacking ProCurve switch port-security?


Whig


Any idea how to "hack" the port-security thing on a ProCurve switch?

It will disable the port and send an alert if you connect a device with a new, unknown MAC address to the port.

The only way that comes to my mind is to change your device's MAC address to the same as that of the device which is already on that port, and then it should not disable that port... haven't tested it yet but...

More about port-security example here: http://www.hiddenone.net/hp-procurve/local-port-security/


  • 1 year later...

If you are able to find the r/w SNMP string of the switch via brute force, you could probably send an SNMP SET command to the switch instructing it to turn off port security. You would probably have to do an snmpwalk and read the docs to find this data. If you steal the MAC address of an already connected device you need to get traffic sent before it or it will ignore you.

QUOTE (Sparda @ Wed, 27 Jan 2010 15:33:11 +0000): Seems like you already found the solution to your problem.

Well... I was just interested in whether anybody knows any other ways to do that.


If you are able to find the r/w SNMP string of the switch via brute force, you could probably send an SNMP SET command to the switch instructing it to turn off port security. You would probably have to do an snmpwalk and read the docs to find this data. If you steal the MAC address of an already connected device you need to get traffic sent before it or it will ignore you.

That's if the device allows updating over SNMP, which I don't think it works that way. More than likely you would have to be signed into the device and turn off the sticky bits setting for the specific port or such. Not sure how that's maintained on a ProCurve switch, but in Cisco it's "no switchport port-security" or if you want, you can make it so it allows more than one device, or adding your MAC to the list, but generally, SNMP traps just get set off when there is a violation, I don't think they allow you to update anything over SNMP itself or that would be a huge attack vector.


That's if the device allows updating over SNMP, which I don't think it works that way. More than likely you would have to be signed into the device and turn off the sticky bits setting for the specific port or such. Not sure how that's maintained on a ProCurve switch, but in Cisco it's "no switchport port-security" or if you want, you can make it so it allows more than one device, or adding your MAC to the list, but generally, SNMP traps just get set off when there is a violation, I don't think they allow you to update anything over SNMP itself or that would be a huge attack vector.

That would be done via the web admin interface, but some series of the HP ProCurve Switches will allow remote administration via a terminal just like Cisco switches.

Edited by Infiltrator
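
From the switch operator's side, the MAC-cloning idea discussed in this thread shows up as one address being learned on two different ports within a short time. The following is an added example, not code from any poster in the thread, that flags this over constructed MAC-table observations; the record layout, port names and 300-second window are assumptions.

```python
import re

# Constructed sample data: (seconds since start, switch port, MAC as reported).
# A collector polling the switch MAC table might record rows like these;
# this is not real device output and the layout is an assumption.
OBSERVATIONS = [
    (0,    "A1", "00:11:22:33:44:55"),
    (30,   "A2", "66:77:88:99:AA:BB"),
    (60,   "A1", "001122-334455"),      # same host, different print style
    (75,   "B7", "00:11:22:33:44:55"),  # same MAC appears on another port
    (90,   "A1", "0011.2233.4455"),     # and flaps back
    (4000, "A3", "66:77:88:99:aa:bb"),  # slow move: probably a relocated host
]


def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def find_mac_conflicts(observations, window=300):
    """Return (mac, old_port, new_port, time) for every MAC that is seen on
    a different port within `window` seconds of its previous sighting.

    A legitimate move (host re-cabled) normally has a long gap; a clone of
    a live device produces rapid back-and-forth between two ports.
    """
    last_seen = {}   # mac -> (time, port) of most recent sighting
    conflicts = []
    for ts, port, raw in sorted(observations, key=lambda o: o[0]):
        mac = normalize_mac(raw)
        prev = last_seen.get(mac)
        if prev is not None:
            prev_ts, prev_port = prev
            if prev_port != port and ts - prev_ts <= window:
                conflicts.append((mac, prev_port, port, ts))
        last_seen[mac] = (ts, port)
    return conflicts


if __name__ == "__main__":
    for mac, old, new, ts in find_mac_conflicts(OBSERVATIONS):
        print(f"t={ts}s MAC {mac} moved {old} -> {new} inside the window")
```
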