[10502] in bugtraq
Re: Infosec.19990305.macof.a
daemon@ATHENA.MIT.EDU (Greg A. Woods)
Sun May 9 09:12:19 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <m10gKXR-000g5eC@most.weird.com>
Date: Sat, 8 May 1999 23:46:01 -0400
Reply-To: "Greg A. Woods" <woods@weird.com>
From: "Greg A. Woods" <woods@MOST.WEIRD.COM>
X-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Alan Cox's message of "Saturday, May 8,
1999 03:17:47 +0100" regarding "Re: Infosec.19990305.macof.a" id
<m10fwgZ-0007TwC@the-village.bc.nu>
[ On Saturday, May 8, 1999 at 03:17:47 (+0100), Alan Cox wrote: ]
> Subject: Re: Infosec.19990305.macof.a
>
> Your security is still totally illusionary. Treat a switch
> as a network accelerator thats all. Any security consultant who talks
> about switches as a security feature you should offer to
> sell a bridge too (london bridge that is).
>
> The only time the switch helps is if it has IP level filters
Well, um, actually it is supposedly possible to pre-program some
switches with the MACs of the host(s) it should see on a given segment.
Assuming you've done this, and that it's possible to stop the switch
from learning new MACs (I've not yet tried this myself), it should make
many of the attacks described to date much more difficult, if not
impossible.
In addition the switch *is* an extra level of defense, even if it's not
100% guaranteed, as it does prevent trivial sniffing (as anyone who grew
up diagnosing Ethernet problems with packet sniffers can tell you!).
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
