Date:      Thu, 18 Jan 2007 13:07:14 +0300
From:      "Andrew Pantyukhin" <infofarmer@FreeBSD.org>
To:        "Ted Mittelstaedt" <tedm@toybox.placo.com>
Cc:        "Dan Mahoney, System Admin" <danm@prime.gushi.org>, questions@freebsd.org
Subject:   Re: Transport Mode IPSEC
Message-ID:  <cb5206420701180207x27ebea97s1259a8b321ec17eb@mail.gmail.com>
In-Reply-To: <00c601c73ae4$85eec240$3c01a8c0@coolf89ea26645>
References:  <20070118022306.Q26349@prime.gushi.org> <005701c73ad3$1e433560$3c01a8c0@coolf89ea26645> <cb5206420701180025t33de5399q11a8b96f6322a964@mail.gmail.com> <00c601c73ae4$85eec240$3c01a8c0@coolf89ea26645>

On 1/18/07, Ted Mittelstaedt <tedm@toybox.placo.com> wrote:
>
> ----- Original Message -----
> From: "Andrew Pantyukhin" <infofarmer@freebsd.org>
> To: "Ted Mittelstaedt" <tedm@toybox.placo.com>
> Cc: "Dan Mahoney, System Admin" <danm@prime.gushi.org>;
> <questions@freebsd.org>
> Sent: Thursday, January 18, 2007 12:25 AM
> Subject: Re: Transport Mode IPSEC
>
>
> > On 1/18/07, Ted Mittelstaedt <tedm@toybox.placo.com> wrote:
> > > Dan,
> > >
> > >   You do realize, don't you, that since both of these hosts are on a
> > > switch, and are using unicast traffic to communicate with each other,
> > > that they cannot be sniffed, don't you?
> > >
> > >   You might read up on ethernet switching technology a bit before
> > > answering that.
> >
> > I'm sorry to be the one to make this remark but it's
> > you who needs to read a bit to learn (a) how to sniff
> > traffic off most Ethernet switches from D-Link to
> > Cisco; (b) what other security risks unprotected NFSv3
> > shares pose.
>
> Yeah, sure I've heard that one before.
>
> Why don't you go ahead and elaborate one of your favorite
> theoretical attacks out of one of those books that "proves"
> that an attacker can "sniff most switches" so I can have the
> fun of knocking it down by real-world hardware implementations
> that you can actually buy and use right now.
>
> Don't be a fool.  Ethernet switch manufacturers aren't stupid and
> have read the same stuff you're citing.  They combat them 2 ways.
> The first is used on the expensive switches and it's called filtering
> and allows switch manufacturer salespeople to have something to
> dog and pony.  The second is used on the cheapo switches and
> it's called using a wussy CPU on the switch so that the second
> you try attacking the switch with one of your fancy attacks to
> sniff it, the switch just rolls over and dies, passing so few packets
> that every connection through it loses tremendous numbers of
> packets, and hell breaks loose as all users start screaming.
>
> Been there, done that.  Those work just dandy in the lab and
> in your CCIE class with 3 hosts set up for the purpose of
> demonstrating the attacks.  But try it on a production network some
> day and the side-effects will kill you.

Okay, I'm sorry to have sounded a bit rough before
I even parsed your name :-) You don't need to throw
bits of your knowledge at unsuspecting bystanders,
too. ;)

Most attacks I can imagine, read/heard about, or
saw in the worst of my nightmares, I wouldn't be
able to reproduce or describe in detail. My friend
has a motto, which I happen to agree with: there's
a good enough attacker for any kind of security
measures; our job is to make his job as tough as
possible.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cb5206420701180207x27ebea97s1259a8b321ec17eb>