From owner-freebsd-questions Wed Dec 20 8:58: 9 2000
From owner-freebsd-questions@FreeBSD.ORG Wed Dec 20 08:57:59 2000
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from apollo.gti.net (apollo.gti.net [199.171.27.7])
	by hub.freebsd.org (Postfix) with ESMTP id 88B2C37B400;
	Wed, 20 Dec 2000 08:57:59 -0800 (PST)
Received: from fuckoff (localhost [127.0.0.1])
	by apollo.gti.net (mail) with SMTP id CAA8E145A5E;
	Wed, 20 Dec 2000 11:57:54 -0500 (EST)
Message-ID: <011f01c06aa5$aab683d0$0501a8c0@fuckoff>
Reply-To: "Shadow"
From: "Shadow"
To: ,
References: <000301c06a9e$49383010$1805010a@epconline.net>
Subject: Re: What anti-sniffer measures do i have?
Date: Wed, 20 Dec 2000 11:55:32 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Most (all?) Cisco Catalyst switches allow you to set "port security" which
will disable the port either for a fixed period of time or forever until a
supervisor re-enables it if it detects 'too many' MACs on a port or
overlapping MAC addresses on ports. It gives a decent level of security
without having to manually program MACs into all of the ports (ick!)

Only thing I haven't tested is if using spanning tree breaks this
functionality at all (I think I remember it having to sometimes look for
duplicate MACs on ports)... not that spanning tree is a good solution to
anything IMHO.

Only downside is their price tag....

-Shadow
Sr. Systems Administrator, Global Telecom Inc.
shadow@gti.net

----- Original Message -----
From: "Chuck Rock"
To: ;
Sent: Wednesday, December 20, 2000 11:02 AM
Subject: RE: What anti-sniffer measures do i have?


> I use Intel 460T standalone switches, and they have the ability to keep the
> database from learning new MAC addresses, and you can manually program the
> MAC addresses to each port.
>
> This is much safer than default configuration, but it takes a lot of the
> convenience of the switch's ability to handle changes.
>
> I'm not necessarily saying they are better than others, I don't like some of
> the features they have, and I haven't tried many other switches.
>
> I could go either way for security or convenience, but most networks don't
> change like mine does, so the call would be up to the person that has to
> maintain those switch databases, and what tools are available to automate
> that process. Any "good" SNMP software would probably suffice in allowing
> you to remotely make database changes, and monitor the switches as well.
> Another nice thing with these is they have the ability to use BOOTP so the
> configs can be centrally located.
>
> Chuck
>
> > -----Original Message-----
> > From: Artem Koutchine [mailto:matrix@ipform.ru]
> > Sent: Wednesday, December 20, 2000 6:30 AM
> > To: Vladimir Mencl, MK, susSED; David Talkington
> > Cc: Chuck Rock; security@FreeBSD.ORG; questions@FreeBSD.ORG
> > Subject: Re: What anti-sniffer measures do i have?
> >
> >
> > N/A for windows. Only for UNIX. So, not usable in heterogenic
> > networks.
> >
> > ----- Original Message -----
> > From: "Vladimir Mencl, MK, susSED"
> > To: "David Talkington"
> > Cc: "Chuck Rock" ; ;
> >
> > Sent: Wednesday, December 20, 2000 3:23 PM
> > Subject: RE: What anti-sniffer measures do i have?
> >
> >
> > > On Tue, 19 Dec 2000, David Talkington wrote:
> > >
> > > > Far as I know, hard-coding an arp table is the only way to prevent
> > > > that sort of thing ... someone please correct me if I'm wrong?
> > >
> > > Hardcoding the ARP table both in the switch and in every computer "to be
> > > protected" in the network. Every computer would have to know both IP and
> > > ethernet address of at least the router, the nameserver and all
> > > computers it connects to.
> > >
> > > Will it be enough?
> > >
> > > ...putting the switch into a mode like "use only-and-only this hardcoded
> > > arp-table"....
> > >
> > >
> > >
> > > Vladimir Mencl
> > >
> > >
> > >
> > >
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-questions" in the body of the message
> > >
> > >
> >
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
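Vladimir's suggestion above, hard-coding the router and nameserver entries in each host's ARP table, is easy to describe but needs two pieces in practice: a way to install the entries at boot, and a way to notice when the live table no longer matches the pinned list. The script below is an added example written for this thread; it is not Vladimir's, Shadow's or Chuck's tooling, and nothing in the thread describes it. It assumes the FreeBSD arp(8) syntax (`arp -s host ether_addr` to add a permanent entry, `arp -an` to dump the table) and reads a pinned list of `ip mac` pairs from a file; the hosts, addresses and the `/usr/local/etc/arp.static` path are constructed for illustration. The parser normalizes MAC formatting (FreeBSD prints `52:54:0:12:35:2`, some other systems print `52:54:00:12:35:02`), so it also handles the similar Linux `arp -an` layout.

```shell
#!/bin/sh
# Added example, not part of the original thread: pin the ARP entries a host
# must trust (router, nameserver) and detect when the live table disagrees.
# Assumes FreeBSD arp(8): "arp -s host ether_addr" and "arp -an".

# Pinned table, one "ip mac" pair per line; the path is an assumption.
PINNED_ARP="${PINNED_ARP:-/usr/local/etc/arp.static}"

# True when $1 looks like a MAC: six colon-separated hex groups, 1 or 2 digits.
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$'
}

# Canonical form: lowercase, every group zero-padded to two digits.
norm_mac() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++) {
            p = $i
            if (length(p) == 1) p = "0" p
            out = out (i > 1 ? ":" : "") p
        }
        print out
    }'
}

# Install every pinned pair as a permanent ARP entry (needs root).
pin_arp() {
    pinned="$1"
    while read -r ip mac || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac"; then
            echo "skipping $ip: bad MAC '$mac'" >&2
            continue
        fi
        arp -s "$ip" "$(norm_mac "$mac")"
    done < "$pinned"
}

# Compare the pinned list ($1) against an "arp -an" dump read from stdin.
# Prints one line per discrepancy; returns 0 only if every pinned entry
# is present with the expected MAC.
check_arp() {
    pinned="$1"
    live="$(cat)"
    rc=0
    while read -r ip mac || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        want="$(norm_mac "$mac")"
        # arp -an lines look like: ? (10.0.2.2) at 52:54:0:12:35:2 on em0 ...
        got="$(printf '%s\n' "$live" | awk -v ip="$ip" '$2 == "(" ip ")" { print $4; exit }')"
        case "$got" in
            '')       echo "$ip: no ARP entry (expected $want)"; rc=1 ;;
            '('*|'<'*) echo "$ip: incomplete entry (expected $want)"; rc=1 ;;
            *)
                got="$(norm_mac "$got")"
                if [ "$got" != "$want" ]; then
                    echo "$ip: MAC changed, expected $want got $got"
                    rc=1
                fi ;;
        esac
    done < "$pinned"
    return $rc
}

# Usage: "sh arp-pin.sh pin" once at boot, "sh arp-pin.sh check" from cron.
case "${1:-}" in
    pin)   pin_arp "$PINNED_ARP" ;;
    check) arp -an | check_arp "$PINNED_ARP" ;;
esac
```

A nonzero exit from `check` is the signal worth alerting on: a pinned address whose MAC now differs from the list is exactly the symptom of an ARP cache being overwritten. The script only protects the host it runs on; as the thread notes, the switch side (port security or a static MAC-to-port table) is a separate control.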