Date: Thu, 29 Jul 1999 18:54:33 -0600 From: Wes Peters <wes@softweyr.com> To: Bill Fumerola <billf@jade.chc-chimes.com> Cc: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, "Jordan K. Hubbard" <jkh@zippy.cdrom.com>, net@FreeBSD.ORG Subject: Re: cvs commit: src/release/sysinstall tcpip.c Message-ID: <37A0F7C9.676F675C@softweyr.com> References: <Pine.BSF.4.10.9907281700430.16747-100000@jade.chc-chimes.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Fumerola wrote:
>
> On Wed, 28 Jul 1999, Garrett Wollman wrote:
>
> > Switches won't help (unless you turn learning off and manually
> > configure every Ethernet address in your entire network into every
> > switch). All an attacker has to do to sniff your packets is to send
> > packets pretending to be you, thereby causing the switches to learn
> > the attacker's location.
>
> Not when I tell my switch that port 1 is VLAN 1 and port 2 is VLAN 2.
> Port 1 will never see port 2's traffic.
Or turn on VLAN Authentication, then he CAN'T send any packets as you
unless he knows your VLAN password. If he tries, and your MAC and/or
IP address is already known in that VLAN, it will turn off the port
and send an alert to the Network Management System, too.
Oh, how I love this networking stuff. ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://softweyr.com/ wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37A0F7C9.676F675C>