Date: Fri, 5 Jan 2001 15:15:24 -0600 From: Eric_Stanfield@kenokozie.com To: freebsd-questions@freebsd.org Subject: Stop this bullshit: Re: Antisniffer measures (digest of posts) Message-ID: <OF9AE1BA21.F65B8C4F-ON862569CB.00749214@kka.com>
next in thread | raw e-mail | index | archive | help
Expecting to get a switch worth powering on for less than $500 is what's
crazy. You are willing to invest countless hours of time setting up ipsec
or other methods of data encryption and that is going to cost more than
$4000 if your network is truly as large and diverse as you claim.
Can someone tell me wtf these posts have to do with freebsd and why the
hell my inbox is spammed with this garbage?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Eric Stanfield, K2Access
Keno Kozie and Associates
222 N LaSalle #1500
Chicago, IL 60606
(312) 332-3000
"Artem Koutchine"
<matrix@ipform.ru> To: <security@FreeBSD.ORG>
Sent by: cc: <questions@FreeBSD.ORG>
owner-freebsd-questions@F Subject: Antisniffer measures (digest of posts)
reeBSD.ORG
01/05/01 01:51 PM
Hello!
I have reread all the followups on the questions i posted in the mid
december.
first:
50% of the people said "SWITCH TO SWITCHES", 50% of the
people said: "EVEN SWITCHES CANNOT HELP"
Then mostly everytone started talking about SNMP controllable
switches with hardcorded MAC addreses for each port.
Then people started to talk about static ARP entries on the host.
ONE (ONLY ONE) person mentioned encryption, but did not elaborate
on that.
Well, let me remind the situtation. I have a very heterogenic network:
FreeBSD, Linux, Win9x, WinME, WInNT, WIn2000. Now they are all
connected with hubs, which allows sniffer to run and obtain all the mail
and web password easily. I need to stop it.
Buying 500$ SNMP controllable switch is CRAZY. I will not do it. It is
way too expensive. It will cost us about 4000$.
So, as I see we two possible solutions and one probable soultion:
POSSIBLE N1:
Switches (NON SNMP contrlllable, which do not turn into hub when flooded
with MAC addresses), hardcorder ARP entries on hosts
for router, DNS, MAIL, POP, corporate web (thanks hot it is the same host).
QUESTIONS:
Is it possible to do to hard code ARP entries in WINxxxxx?
Is there such switch which does not fall back into hub mode when
flooded
with
MACs?
POSSIBLE N2:
Install a little FBSD/LINUX based router indetad of each hub. Put a bunch
of
NIC in each. Put each host on a reparate NIC. Price: 100$ for the
Pentium166
based host+ 8nics x 20$=100+160=260$ (twice as cheap as SNMP switch and
twice as expensive and a simple switch)
QUESTIONS:
I wonder where do i get 8 IRQs for the NICs int the routing box.
Will the box with 4PCIs and 4ISA NICs be able to hold on electricwise?
PROBABLE:
Some kind of tranparent IP encryprtion.
QUESTIONS:
What kind of IP encryption?
Is it availbale for FBSD, Linux, WINxxxxx?
I hope someone would help.
Best regards,
Artem Koutchine
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?OF9AE1BA21.F65B8C4F-ON862569CB.00749214>