
Is a mirrored port safe against cyber attacks?


I have mirrored a port (Summit series) in my system network for packet sniffing, using a desktop which is connected to the Internet. My system network is physically and logically segregated from the Internet apart from the mirrored port. Can a hacker access my system network through the mirrored port?

6 replies

Hello, in theory it could be possible, as your Windows PC still listens on that port to all packets. Every mirrored packet enters your desktop, so if a hacker can craft a packet that your laptop will send to its CPU, it could gain access. Best practice is to disable the IP stack (IPv4 and IPv6) on that port.
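
One way to apply the "disable the IP stack (IPv4 and IPv6)" advice on the Windows capture PC, added here as an example and not part of the original thread. The adapter name `Capture` is an assumption; the cmdlets are the built-in NetAdapter ones.

```powershell
#Requires -RunAsAdministrator
# Assumption: the NIC cabled to the switch's mirror-to port is named "Capture".
# Run Get-NetAdapter to find the real name and pass it with -CaptureNic.
param([string]$CaptureNic = 'Capture')

function Disable-CaptureIpStack {
    param([Parameter(Mandatory)][string]$Name)

    # Stop immediately if the adapter name is wrong, before changing anything.
    Get-NetAdapter -Name $Name -ErrorAction Stop | Out-Null

    # ms_tcpip is the IPv4 binding, ms_tcpip6 the IPv6 binding.
    $ipBindings = 'ms_tcpip', 'ms_tcpip6'
    Disable-NetAdapterBinding -Name $Name -ComponentID $ipBindings

    # Verify that neither IP binding is still enabled on the capture NIC.
    $stillOn = Get-NetAdapterBinding -Name $Name -ComponentID $ipBindings |
        Where-Object Enabled
    if ($stillOn) {
        throw "IP binding still enabled on ${Name}: $($stillOn.ComponentID -join ', ')"
    }

    # Return whatever is still bound to the NIC so it can be reviewed.
    # The packet capture driver's binding, if one is listed, has to stay on.
    Get-NetAdapterBinding -Name $Name | Where-Object Enabled |
        Select-Object Name, DisplayName, ComponentID
}

Disable-CaptureIpStack -Name $CaptureNic
```

With both bindings off, the capture NIC has no IP address and Windows does not hand mirrored frames to its TCP/IP stack, while the sniffer still receives them through its own capture driver.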

Thanks OscarK for your reply.

Further to the above query, I read on the Internet that port mirroring in fact converts the port to a unidirectional link. I tried to do a telnet and ping test to my system network, but nothing was working.

I am a newbie to networking; if the question is not making sense, please let me know.

The mirror-to port you are connected to is not part of any VLAN, so all packets from your PC are dropped. Sorry, I looked at your question wrong.

You mean that in this case, no one can access the network through the mirrored port?

Yes.

Thanks for the information. It was really useful.
