Date:      Fri, 7 Jan 2000 11:24:27 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Mitch Collinsworth <mkc@Graphics.Cornell.EDU>
Cc:        Wes Peters <wes@softweyr.com>, DRHAGER@de.ibm.com, Olaf Hoyer <ohoyer@fbwi.fh-wilhelmshaven.de>, freebsd-net@FreeBSD.ORG
Subject:   Re: sniffing networks 
Message-ID:  <Pine.BSF.3.96.1000107111949.38886A-100000@fledge.watson.org>
In-Reply-To: <200001041729.MAA16004@benge.graphics.cornell.edu>

On Tue, 4 Jan 2000, Mitch Collinsworth wrote:

> >Stick the users on switched ports so they can't sniff other users' packets
> >and be done with it.
> 
> According to a friend who has done some network monitoring tests this
> is not as perfect a solution as it sounds.  He has observed packets
> coming out ports other than the one where the destination system is
> connected.  Still, everyone agrees it's far better than the old
> dozens-of-machines-in-a-single-collision-domain method.

You should not rely on switches for security unless your switch allows you
to hard-assign MAC addresses to ports on the switch, and you hard-assign
IP addresses to these MAC addresses on the end hosts.

MAC addresses can be spoofed, so race conditions can exist where you
receive data for others, as well as other issues;  similarly, ARP and ICMP
redirect both occur above the switch level--switching protects messages
based on destination MAC address, not destination IP address. The best
thing to do is use real crypto, which means you no longer care about who
sees the packets.

There are still issues with leaked electromagnetic spectrum, but the
chances are you aren't interested in those attacks :-). 

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
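The reply above points out that a switch forwards on destination MAC only, so ARP and MAC spoofing pass straight through it, and that end hosts should hard-assign IP-to-MAC bindings. The following is an added example, not code from the thread or from FreeBSD: a small host-side check that parses raw Ethernet/ARP frames and flags any ARP reply whose sender MAC contradicts a static binding table. The binding table, addresses and frames are constructed sample values.

```python
import struct

# Static IP -> MAC bindings an administrator would assign on the end host (constructed values).
STATIC_BINDINGS = {
    "10.0.0.1": "00:11:22:33:44:01",   # default gateway
    "10.0.0.20": "00:11:22:33:44:20",  # file server
}

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) from a raw Ethernet+ARP frame, or None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806 = ARP
        return None
    hw_type, proto, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if hw_type != 1 or proto != 0x0800 or hlen != 6 or plen != 4:  # Ethernet/IPv4 only
        return None
    sender_mac = ":".join(f"{b:02x}" for b in frame[22:28])
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return opcode, sender_mac, sender_ip

def check_arp_reply(frame: bytes, bindings=STATIC_BINDINGS):
    """Return None if the frame is consistent with the static table, else a description."""
    parsed = parse_arp(frame)
    if parsed is None:
        return None
    opcode, mac, ip = parsed
    if opcode != 2:  # only replies (opcode 2) would update the ARP cache
        return None
    expected = bindings.get(ip)
    if expected is None:
        return None  # IP has no static binding: nothing to enforce
    if mac != expected:
        return f"ARP reply claims {ip} is at {mac}, static binding says {expected}"
    return None

def build_arp_reply(sender_mac: str, sender_ip: str,
                    target_mac="00:11:22:33:44:05", target_ip="10.0.0.5") -> bytes:
    """Construct a minimal Ethernet+ARP reply frame as sample input (not sent anywhere)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    tmac = bytes.fromhex(target_mac.replace(":", ""))
    eth = tmac + smac + b"\x08\x06"
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
           + smac + bytes(map(int, sender_ip.split(".")))
           + tmac + bytes(map(int, target_ip.split("."))))
    return eth + arp

if __name__ == "__main__":
    for mac in ("00:11:22:33:44:01", "de:ad:be:ef:00:01"):
        print(mac, "->", check_arp_reply(build_arp_reply(mac, "10.0.0.1")))
```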


