From: "Ted Mittelstaedt"
To: "Andrew Pantyukhin"
Cc: "Dan Mahoney, System Admin"; questions@freebsd.org
Date: Thu, 18 Jan 2007 01:39:16 -0800
Subject: Re: Transport Mode IPSEC
Message-ID: <00c601c73ae4$85eec240$3c01a8c0@coolf89ea26645>
List: freebsd-questions@freebsd.org (User questions)

----- Original Message -----
From: "Andrew Pantyukhin"
To: "Ted Mittelstaedt"
Cc: "Dan Mahoney, System Admin";
Sent: Thursday, January 18, 2007 12:25 AM
Subject: Re: Transport Mode IPSEC

> On 1/18/07, Ted Mittelstaedt wrote:
> > Dan,
> >
> > You do realize, don't you, that since both of these hosts are on a switch,
> > and are using unicast traffic to communicate with each other, that they
> > cannot be sniffed, don't you?
> >
> > You might read up on ethernet switching technology a bit before
> > answering that.
>
> I'm sorry to be the one to make this remark but it's
> you who needs to read a bit to learn (a) how to sniff
> traffic off most Ethernet switches from D-Link to
> Cisco; (b) what other security risks unprotected NFSv3
> shares pose.

Yeah, sure, I've heard that one before. Why don't you go ahead and elaborate one of your favorite theoretical attacks out of one of those books that "proves" that an attacker can "sniff most switches", so I can have the fun of knocking it down with real-world hardware implementations that you can actually buy and use right now.

Don't be a fool. Ethernet switch manufacturers aren't stupid and have read the same stuff you're citing. They combat them in 2 ways. The first is used on the expensive switches and it's called filtering, and it allows switch manufacturer salespeople to have something to dog and pony. The second is used on the cheapo switches and it's called using a wussy CPU on the switch, so that the second you try attacking the switch with one of your fancy attacks to sniff it, the switch just rolls over and dies, passing so few packets that every connection through it loses tremendous numbers of packets, and hell breaks loose as all users start screaming. Been there, done that.

Those work just dandy in the lab and in your CCIE class with 3 hosts set up for the purpose of demonstrating the attacks. But try it on a production network some day and the side-effects will kill you.

Ted
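The point in dispute above is whether two hosts on the same switch need any protection for their NFS traffic. From a defender's standpoint the cheaper resolution is to make the question irrelevant: the thread's subject, transport-mode IPsec, encrypts the traffic host-to-host regardless of what the switch does or does not forward. The following setkey(8) security-policy fragment is an added example for this thread, not something any of the participants posted; the addresses 192.168.1.10 (NFS client) and 192.168.1.20 (NFS server) are assumed placeholders.

```conf
# Added example (not from the thread): FreeBSD setkey(8) security policy
# requiring ESP in transport mode between two hosts on the same LAN.
# Addresses are assumed placeholders. Load with: setkey -f /etc/ipsec.conf
# on a kernel built with "options IPSEC".

# Clear existing security associations and policies first.
flush;
spdflush;

# Client side: every packet to the server must leave ESP-protected, and
# any packet arriving from the server without ESP is dropped ("require").
spdadd 192.168.1.10 192.168.1.20 any -P out ipsec esp/transport//require;
spdadd 192.168.1.20 192.168.1.10 any -P in  ipsec esp/transport//require;
```

On the server the same two lines are loaded with the directions swapped. The `require` level is the part worth checking: with `use` instead, the kernel accepts cleartext from the peer whenever no security association is available and falls back silently, which defeats the purpose; with `require`, a missing or expired SA surfaces as a failed NFS mount rather than as unprotected traffic on the wire. The SAs themselves come from an IKE daemon (racoon from security/ipsec-tools, in the FreeBSD of the time) or from manual `add` lines; `setkey -DP` lists the loaded policies and `setkey -D` the live SAs, so both can be verified before the link is trusted.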